Four months ago I knew very little when it came to hacking - I had tried to look into it a little before, but had fallen into the traps of just reading about topics and not using the knowledge I had gained, or just knowing the basics about certain vulnerabilities and not properly understanding them. I had seen some basic examples of Cross Site Scripting (XSS) and SQL Injection, but didn't know about the (sometimes insufficient) measures that developers took to prevent these threats, and had never performed an attack myself. It is however possible to get practice learn about ethical hacking in a perfectly legal environment to start developing both the knowledge and the skills that are required for hacking. The steps below are those that I would recommend to someone interested in learning about ethical hacking, but are no means the only way to learn.
Things you need to know before you start
You need to know about the technology used in the systems that you are testing, otherwise vulnerabilites will be very difficult to understand. Firstly I would recommend reading about the protocols listed below. You need to have an understanding of them, but you don't need to memorise a whole Wikipedia article, or know every fine detail - the information will still be available tomorrow.
- IP, TCP, and UDP
- MAC and IP addresses
- DHCP and DNS
- HTTP and HTTPS, as well as SSL/TLS
- It is also useful to have a basic understanding of other protocols such as SSH or FTP
While I'm always a fan of using your knowledge as you obtain it, it can be a little bit difficult for some of the items in the list above. Arguably the most important items in this list are HTTP and HTTPS, and fortunately it is possible to easily have a play around with these. It's a good idea to install and configure a proxy such as Burp Proxy (included in Burp Suite) and have a go at intercepting and modifying some requests.
Some Linux knowledge is also crucial. A large portion of the community is centered around Linux, and a lot of penetration testers useKali Linux. There are many Linux distributions, and each one has a group of people ready to tell you why that distribution is the best. If you don't already have a preference, Debian is a good place to start. Make sure that you can at least perform common tasks in the command line, such as navigating the file system and reading/writing files. You can (and will have to) expand on this knowledge as continue. With the help of Google (or of course another search engine) you will find that these skills are fairly simple to pick up, and if you use them regularly then they are also hard to forget. I would recommend setting up a LaMp server in a virtual machine (this will be necessary anyway if plan to follow the next step of advice).
Create and hack your own basic website
Your website doesn't have to be useful in any way, or even look vaguely acceptable, it's just for experience. If you don't want to, then don't waste time making it look pretty, just make it functional. Also don't go out of your way to research security best practices at this point, as creating and then attacking your own vulnerable website is a great way of learning. If you're unsure of what features should be included then try the following:
- A registration form that stores users' usernames and passwords in a database.
- A login page that allows users to log in with valid credentials. Once a user is logged in, they should remain logged in.
- A website-wide header showing the user's information if they are logged in, or a link to the login and registration pages if they are not.
- A simple form that allows for retrieval of user information from the database by selecting the user's name from a drop down menu.
- A file upload/download page that will allow logged in users to upload files and download files which were uploaded by other users.
Your site can now act as a great target for you to begin hacking - you understand how it works and it is most likely very vulnerable. Read through The OWASP Top 10 and try and find these vulnerabilities in your test site (they may or may not be present) - you might find Burp Proxy to be very useful for this. Once you have found some vulnerabilities, then look into the best practices for preventing them, as well as the best practices for things such as password storage, and have a go at implementing these practices.
Don't break the law
It's not necessary to break the law or do anything immoral to learn to hack. There are plenty of virtual machines and web applications designed for learning, such as DVWA and Metasploitable - a VM designed for learning to use Metasploit, a very powerful tool for penetration testing. I've included a longer list of tools aimed towards helping people learn ethical hacking at the bottom of this post. It is also possible to test real world application without breaking the law, for example, you can download and locally host a CMS with some simple test content, and then try to find and exploit vulnerabilities in your locally hosted system. It is possible that you may not find any vulnerabilities in a particular CMS (or other type of application that you have chosen), and if so then keep trying with a different CMS until you find something. When you find a vulnerability, it should be reported following theresponsible disclosure procedure.
This article hopefully stands as a good starting point, and you can use the many free resources available to take you much farther.