Thanks to Guillermo for suggesting the topic for this post, it is something that although I am lucky enough to live, I do not know if it has been written about it here in the past, but in any case I will bring it to light again to share a little with you 🙂
The art of being a hacker
One of the books that have caught my attention the most on this subject is without a doubt Hacking: The Art of Exploitation, de Jon erickson. It is a jewel for anyone who wants to immerse themselves in this world of true hackers. And as it is in the book, I will allow myself to take the first question that exploded my mind upon reading it.
The essence of a hacker
Using each of the following numbers 1,3,4 and 6 exactly once with any of the basic operations (add, subtract, multiply, divide) get a total of 24. Each number must be used just once and the order is up to you. For example:
3 * (4 + 6) + 1 = 31
Correct in syntax, but incorrect in result.
I must admit that I was unable to solve the problem until I finished reading the book and saw the solution on the last page. But basically this is the essence of a hacker, to be able to see what others do not see.
The first hackers
A group of students from MIT (Massachusetts Institute of Technology), around the 50s, received a donation of telephone equipment, with these pieces, they developed a system that allowed managing the communication line remotely through special calls. They made a discovery using technology that already existed, but using it in ways that few or no one had seen before. These were the first hackers.
A community of support
Today there are many "certification" exams to become a "hacker," but the reality is that one will not become a true hacker until a community member who is already a hacker agrees to call us by that qualifier. One of the ways to do this is to be able to contribute something useful to the community. Many hackers are ultimately low-level programmers, since they know in a deep way how computers work, at the memory and operating system level; bits as a last resort.
This knowledge allows them to find vulnerabilities
This is like when we first learn mathematics, when we were children, we needed someone to explain and teach us symbols and shapes, and this happens in a certain way with programmers too, a true hacker is one who knows these symbols and shapes , and it signals us when it sees that we have failed to use them (a vulnerability). And like Linus Torvalds himself (another great hacker, in the real sense of the word) the "vulnerabilities" are only bugs. With this referring to the fact that they are nothing more than programming errors, although perhaps with other types of consequences to the bugs more common.
Hackers are NOT necessarily criminals
This is true up to a point, let's think about it for a moment. When a real hacker wants to know something, he tests even the smallest detail of the system, with all his knowledge he can dodge, or avoid access controls, or modify orders to perform other tasks, or even turn the program into another thing. But where does this come from?
Motivations of a hacker
These can go in a wide range of possibilities, some (most of the true hackers) discover what they discover for mere intellectual pleasure, they enjoy the challenge of finding these 'gaps'. Others do it out of ego, since they want to be able to say that they are the best at something. But it is undeniable that some or many of them will also be there for the money, since controlling things that are uncontrollable for most people is certainly a tool that can produce a lot of money. This is the reason why we can say that hackers No. They are necessarily bad, but watch out for him necessarily.
Another important reason is that hackers real they distrust of the technology that we all use. This is so because in their deep knowledge of systems, they know the limitations and gaps or vulnerabilities. It is this knowledge ultimately that allows them to "bypass" systems in order to fulfill some of their other motivations (intellectual, economic, etc).
3 types of hacker today
Today we can find 3 known groups of hackers, distinguished in a curious way by the type of hat they wear: white, black y gray hat. In a nutshell and with an analogy that we have already touched on previously, we find that whites are the good guys, blacks are bad guys, and grays are in the middle where they use their abilities to be either good or bad, depending on the situation. But there is one last term, much more used in hacker circles. real.
script-kiddie
What is a script-kiddie? As his name says, he is a "child" in the sight of the true hackers which only uses scripts for your benefit. And here you have to make a very big distinction,
Being certified in computer security does NOT necessarily make you a hacker.
And this is a personal point of view, as well as a hacker you may be uncertified and still be a great hacker. But let's see why I say this. Many certification exams / courses / etc teach you the steps of a pentesting successful, they teach you the theory of vulnerability types, they introduce you to the world of computer security as if you were well versed in the subject. But the reality is that until you make a substantial contribution to the community hacker, this means, until no create a tool which prove useful for hackers, you are not one. So simple and easy.
No matter how well you can use nmap, or zen, or even metasploit, as long as you are not able to provide a real exploit, or a real recon tool, you are NOT a hacker, just a script-kiddie, and it doesn't matter that you have N certifications in security, that is not going to change it.
Hackers make this a better world
It is thanks to them that we have technology in constant motion. The kernel is a great example of this, there are hundreds of minds very well versed in the subject, who create code that serves not only the hacker community, but the whole world. But not only this, if it were not for them, technology would stagnate at points where people would not want to continue developing, this because by finding vulnerabilities, hackers help motivate developers to write better code, and in turn, this better code motivates hackers to prove they are even better, creating a virtuous circle in between.
Final reflection
Well, I'm going to cut, just like that, because I have seen that I am spreading and although I would like to explain a little about how to find an exploit, that will have to be for another time. I personally consider myself a 'script-kiddie' still, since although I have found a few vulnerabilities out there and have even been able to assign CVEs to them, I have not yet created my own exploit or tool to make available to the community, but I hope that changes in a short time 😉 Without further ado, thank you very much for your time, greetings.
There is no doubt that you are not an ordinary blogger, you know in depth what you are talking about.
I hope you become a great Hacker, but don't stop sharing these wonderful posts.
Thank you very much Mart for your kind comment 🙂 because that is the idea, to build a better and safer world. I want to write a little post about how exploits really work, but I'm having one or two problems with my Shutter, I'll see how to fix it soon 🙂 greetings
A hacker is not a criminal, we are fond of knowledge, he is someone who enjoys and enjoys seeing a code unravel it and knowing how it works since I am in the computer world since I was a developer I have always been curious and thanks to the internet now I have more access to information that I could only access when I started in books excellent contribution
Very true Juan José,
I would be wonderfully happy to be able to dedicate myself to research in the future, it is a pity that this field is so underdeveloped in Peru, but with a bit of luck I will find something similar when I finish my studies next year 🙂
regards
Can you help me install Subterfuge ???
Hi Mike,
I have not had the opportunity to test it, I go a little more to code than to transport, I have not yet entered that field. But from what I have been able to investigate there have been a few problems with the migration from python2 to python3, a good way to practice would be to read the install script and see what may be failing, regards 🙂
This information is more than similar to the one that appears in Cisco security-essential ...
Hello hack
Could you give me a little more information? I'm not sure what information 🙂 but surely there is a more than reasonable explanation.
regards
Nowadays, being a hacker means being a celebrity with a lot of fame and money, promoting yourself and advertising on social networks, exposing yourself publicly on the Internet, monopolizing knowledge by depriving you of the rights that defend your freedom and using platforms and systems that are not 100% code. free. If they meet these characteristics, they may already be hackers, or otherwise they are seen as criminals for protecting and defending their privacy.
For me the term "Hacker" became an unbearable cliché, I prefer the term pentester or simply fond of computer security.
Regarding what you comment about contributing to the community, whether it is another question of ego or just the typical moralfag trying to get a good reputation, I have some good friends who never share their vulnerabilities or their tools that they create and I can say with It is highly certain that they are some of the best "hackers" I know.
On the other hand, it does not matter that you publish a good toolkit to exploit any vulnerability, if you are not known, it is most likely that it will be recombined and published by a larger group, the case of the ZZAZZ-forum will sound familiar to those in the know about the subject and its precious SDBS that although they are fairly well known, this was diluted between Metasploit, Nmap and among other toolkits and since it is anonymous, the authors are not recognized, simply an alias, which even a lammer can put in their account to «hack to Facebook".
For my part, I prefer to publish my "findings" only in case there is a bug bounty, ̶q̶u̶e̶ ̶p̶a̶g̶u̶e̶n̶ ̶d̶e̶c̶e̶n̶t̶e̶m̶e̶n̶t̶e̶ and these are no longer useful otherwise I prefer to save them, regarding my scripts it is not a horrible point to publish them because it is paltry to publish them of badly written code, that although it works well, as I only understand myself, I am the only one who makes it work correctly.
The term "Hacker" is already well worn.
I agree. The community does not exist or is not as useful as it is said, or as it was in the early 90s.
Today free software is not driven by the community, it is driven by large companies. Behind every great free software project are Red Hat, there was Novell, this Microsoft, this IBM, this Oracle, or this some corporation that serves them as profit, not because they want to share their work hours.
In addition, the software changed a lot, the reality of IT changed a lot, in these projects it is almost impossible for me to sit in the armchair of my house, and no matter how guru of C it may be, with the size and complexity of a software Like CloudStack, KVM or PostgreSQL, I can't do more than contemplate and study it, it is far from modifying it from top to bottom and adapting it 100% to my specific need.
The times when the free software emuje was given by a programmer in his house ended more than 20 years ago, in view of this, how many years have we been waiting for Hurd to release a really stable and usable version? Or how long did it take to see the famous debian without systemd, and how widely used is it really?
The only thing that is almost fully developed by the community are some graphical environments, such as KDE, or simple tools such as a specific command, or something esoteric from the terminal that can be done without problem from the graphical environment, but it is in 99,99, 13% of the professional linux user is not interested. I have been a Linux user for almost 5 years, but it has been XNUMX years since I stopped struggling with having linux on my terminal, it affects productivity enormously. I prefer not to waste that time, use Windows or Mac and use that lost time for my work
The same thing happens with hackers. That mystical aura that surrounds hackers is over, and that "hackers are not bad" is a lie. Most of them do it for money, they do not do it for philanthropy of finding mistakes and helping the world, nor do they do it for hobby. If they get paid to find vulnerability in an internal system, or to screw a competitor company, they will do it without blinking. That of goodness and nobility also ended in the 90s.
Hi Gonzalo, thanks for sharing
I understand to some extent your discomfort regarding the community, to begin with because here in Latin America, it is almost non-existent (compared to other places of course). But I would like to highlight a couple of issues. First, although today many companies have set their eyes on open source (not free software please) this does not dictate that they have a silver platter in their code or anything like that ... at least from the kernel point of view and git I have been able to see how no matter how big your company is, if the code that is produced is not good, it does not enter ... that simple. And if we think about it a bit, how are these companies not going to enter if precisely the code is of quality, and has been forged by communities with time and dedication. And because they like the subject, and they have become experts over time. Which also leads us to the fact that the best companies at the same time hire the best experts, so that they can work doing what they like.
And true, the amount of code produced today is so large that one could hardly write everything from scratch ... but to tell the truth, not even being the greatest C guru on the planet would I dare to write something entirely from scratch: first because I would not have enough life to match the quality of the other work, second because I would have to have a very inflated ego to believe me better than all those brilliant minds who are also dedicated to generating quality code and reviewing it and testing it and debugging it. And if you want to add a specific need, I think that I have not known a free or open project that denies you the initiative ... of course, if you write bad code or want to impose totally radical changes that could break many things before adding them ... it is evident that this Change is not going to "proceed", but it is precisely that quality in the initial stages that has made them great in the first place ...
If you've already stopped using Linux for 5 years, then you shouldn't consider yourself one 🙂 that simple. What you call "lost time", I would call it "lost user", but to give an example, if I were a guru in C and I liked GNU Linux or any project, instead of waiting for others to do the work for me , I would start adding those lines that I want to see so much in my program so that it "works" correctly. And I know several people who work their "free" time to make these programs better, to take care of them and to investigate them ... but I suppose that already belongs to each one 🙂
And as for hackers are bad, we start from the same assumption, that hackers are only dedicated to finding vulnerabilities ... if it weren't for great hackers like Ken Thompson, Dennis Ritchie, Richard Stallman, Linus Torvalds, Edwin Catmull ... The list could go on and on, but if you don't know any of those names, it's because you haven't really understood what a hacker is in essence ... they just stick to the "stereotype" that they don't like so much ... And if you think the nobility is over in the 90s, well I'm sorry that it hit you so hard in life, but let me tell you that there are still people working to make this world a little less worse, instead of just avoiding work and going for the exit that avoids « waste that time »...
Regards and thanks for commenting,
Hi Kra, thanks for sharing, I understand your point of view and I just wanted to give a couple of personal opinions on this. Pentester and hacker are totally different things, and if we think that a hacker is only dedicated to finding vulnerabilities, well from that moment on we started badly ... that as a first point, the second is similar, since there are many very skilled people, that although their names are not written in gold letters in the best magazines in the world (that would be a mere question of ego) they dedicate a large part of their day to projects of this type. And they do it because they enjoy doing it, otherwise I would not find reason enough to see them work on a Sunday night, or take a few minutes a day after a long working day ...
And ultimately, and this is also quite a personal opinion, in the end it will be about the legacy that you leave the world with your "findings" ... yes, many great minds make software what it is, some recognized, others not so much, but that it depends on each one ... I have shared scripts and code in many places, and I was surprised to see how many errors it had, and how many opportunities to improve efficiency, size, productivity, logic, etc ... and perhaps that is something that to me I personally like to do it and very much mine, but just as there are people who do it only for ego and money, there are some who do it because we simply like it 🙂 but it would be very easy for me to charge for each of these post, where surely I do not say nothing new, but I have seen people who charge more for an amount of content even simpler than I can share in these lines.
Sparkly!!! I always follow you… don't stop to the top !!!
Thank you very much Ricardo 🙂 he encourages me to continue sharing whenever I can 😉 Greetings
According to the Zuse-Fredkin Thesis, "the universe is a cellular automaton" that is to say, a Universal Turing Machine, since in it processes equivalent to a Universal Turing Machine are carried out (such as programmable digital machines - computers). That is to say, roughly, the universe is capable of emulating any machine and that makes it a gigantic machine. However. If a scientist or engineer creates or discovers new functions or solutions within the universe, and considering that computationally speaking, this is equivalent (or more but that we do not know) to a Universal Turing Machine: engineers, scientists, etc. Are they hackers?
Hello Mark 🙂 because the game of life is an extremely interesting topic, I have had the opportunity to read a little about it and at the same time once I programmed it to see how it expanded in a small board of a few hundred pixels. But let's get to the topic, the main difference between a cellular automaton and general computing is that the cellular automaton has defined and prescribed rules, these are presented in a simple way in the program, but they reflect a much greater and more complex reality.
It is worth mentioning that neither scientists nor engineers create natural laws (the statutes that would govern a cellular automata) since these are a mixture of visible factors and other (even more important) invisible factors. Discovering (in the sense of unveiling) a new law in the universe is a laudable act, and that to a certain extent implies being able to see what others do not see, as we have commented in the very essence of the text, but a small and subtle difference that can help clarify terms. Hackers "create" in the sense of being able to generate new computational rules, based on well-known defined mathematical principles. Scientists "discover" these mathematical / physical / etc principles.
Making these slight caveats we can see that in a slightly deeper sense of the subject, both would come to be considered hackers in the real sense of the word 🙂 since they see things that others take for granted, and discover things that escape the general view.
Very interesting topic 🙂 maybe you can write a little about it, although that escapes the Linux world a bit to go a little more to the theoretical Physics and Mathematics 🙂 Greetings and thanks for sharing
Thanks to you for the reply.
(14-6) x3 = 24? Was it like that?
14 doesn't count 🙂 they have to be exactly the numbers 1,3,4 and 6 🙂 that is 1 x 4 - 6 + 3, but not 63/14 or something like that. If you want the answer, let me know 🙂 but I will leave the opportunity to keep trying
Possible outcome
6 / (1 - 3/4) = 24
It took me 3 days but here it is:
6 ÷ 1-34 = 24
6 / (1 - 3/4) = 24
Friend, the book you recommended is in English, right?
Hi Mambell,
I read it in English, but I can't tell you if it's translated into Spanish somewhere, good luck with that anyway, Greetings
3*(6+1)+4=24
21 + 4 is 25 😛
The entry is very good, if I am not mistaken, the word hacker has been deformed over time through the media that paint them as "bad"; In other words, they are curious people with deep knowledge of very specific topics; I somehow relate it to the fact that hacker is equal to white hat and cracker is equal to black hat. 🙂
Is it necessary to contribute only at the software level or can it also be at the hardware level? Can someone with a new invention be considered a hacker by the community?