-= A serious newbies guide to the underground =- I realise the net is flooded with "newbie guides" half of wich cover the basics of exploiting UNIX and NT boxen. And I apologise for adding yet another "newbie guide" to this monstrous series. But this is my attempt at providing the newbies that be and are to be with information they really need to know. -- IRC -- Most of you start off in IRC or Yahoo , Aol etc and pick up tid bits of information that often peek your curiosity and leave you with endless questions. Like any one else on the net you want answers to these questions. hopping from IRC channel to channel and asking around is not the solution by any means. Youre not only going to run into endless angry children looking to flame people such as your self in hopes of looking cool infront of others , youre going to become one of these disgruntled kids/adults your self and add to the down fall of information exchange. The days of comradery between curious minds is dead. And joining "Hacker Groups" is just as bad an idea. You would marvel at how infested with narcs these groups really are. And how often these people spend time flamming one another in each others abscence. Dont get me wrong.. some opers in some of the underground channels have legit answers and some excellent advice. As well as a few of the occupants of these channels. Sit queitly. If you have a question on any topic (yes even how to hack hotmail) take the initiative to seek answers through search engines and texts on the net about them. The net is abound with free information on security and exploitation. Its out there , I promise. You just need to open your mind and your eyes and look. When youve found some information on what you where curious about, make your self comfortable , grab a drink ( coffe is always good for this ) put on some tunes and read. When you find your self becomming resltless with the reading. Take a break , pop your head into what ever chat place you where parked in. Read whats going on.. amid the endless flames , you would be surprised how much information you pick up just keeping to your self and letting others discuss security or coding etc related information. Dont comment on anything. Save your self the headache of dealing with angry people. When you have had your fill of IRC or whatever your case may be, pick up where you left off reading. And honestly everyones just going to tell you to go read anyhow. Alot of you say "But I dont feel like reading". You are better off taking the time to search and read then sitting there and taking flame after flame for bothering people with questions and being told to do what this text is now advising you to do. And will have accomplished your goal ten times faster. -= Where to begin ? =- - Coding/Programming - The back bone of the net is programming/coding. And in the end its what it all comes down to. "Can you code". Im not going to suggest any one language , we all take to something differnt. And dont let others convince you whats good for you or not. When youre ready to get into coding , im confident you will take the time to research the differnt languages and pick what peeks your interest. Not what peeks others. This is an ideal place to start with out doubt. But if you arent curious nore ready yet. Dont do it. Dont commit to something that you wont enjoy. If you do decide you want to walk down the coder path and find a language that appeals to you ? Dont bust your self. Pace your self. Devote an amount of time daily if you can. To reading the Ebook or Text you chose on the labguage that appealed to you. Packetstorm.securify.com is loaded with books and texts. Take the time to review a few. Some may will suit you better than others. Personally , I go 30 mins reading sometimes 45 then I take a break and chill with friends in IRC. Or get whooped in Quake 3 for about an hour or so. Point being , take it in for awhile then relax and let it soak into your head and reflect on it. There is no rule saying you better read at least 12 hours a day. And dont feel you need to rush to prove anything to anyone. Because you dont. Your in this for you. - Computer Security - Security is always a fun topic to study. There are endless computer security sites across the net. And sitting in underground ( hack ) channels im sure you have herd of several security vulnerabillities that you want to learn about. Go ahead , open the search engine and look for information on it. Ya.. youre going to find "programs" and "exploits" for some of these. Do you fully understand what its all about and what exactly goes down when you exploit these vulnerabillities ? Are you up to cops kicking in your door and dragging you out side.. Can you afford a multi thousand dollar fine and community time for playing with security vulnerabillities you had no clue about... then dont do it. Take the time to learn about whats on your mind first. Really come to understand it all. And no. No one is going to think you cool for breaking into a vulnerable server when you really had no clue what was going on and got your ass busted. You will get laughed at. You wont get any respect. And people stop taking you seriousley. And there was no skill at all in using another persons code or work to attack a vulnerable server. I see kids daily deface web pages by using other peoples code. And ive never seen anyone give them credit for it. I have seen a group laughed off IRC by more reputable groups for doing just that. I have several sites I visit on a daily basis. And read the news on them with my morning coffe and/or my after work brew. Stay caught up on matters, learn new security information. You will often see that same information and in differnt detail in that chat channel you were hanging out in and catch a bit more about it. One day of doing this... look at how much you picked up and are clued in on.. - MISC - Networking , protocols , subnetting etc. Not topics that are often sought after by a newbie. But if you come across a small text based on one of these or something simular. Take the time to check it out. No , it may not make much sense right now. But later it all begins to fit together nicely. And in the computer security or coding information you have been reading you are guaranteed to come across these topics. You may find your self leave your present subject to temporarily refer to another text that will explain these to you and let you move along in your goals. Again , remember not to bombard channels with questions about something you need or want to learn about. You dont want to lose your frame of mind due to dealing with angry tikes and flames that are far less intelligent than the question you asked. -= Underground trends =- - OS - I know youve watched endless arguements about what Operating System is elite and whats "gay". Dont feel pressured by this. More often than not what you are witnessing is some one who has just installed a new OS or has been on the same one for what ever amount of time and feels he needs to praise it. Regardless of how many security holes it has or not. Some people like to try and make a name for them selves by the OS they run. Like people like to flash what car they drive. Dont feel any less or more skilled than anyone else based on what OS you are on. If it works for you right now , and is letting you do what it is you need done. Then its good for you. If youre on Windows now and dont feel confident about moving to a UNIX flavour. Then dont. If and when your curiosity is peeked about a new OS. Take the time to look into information on it. And info on how its installed or "dual boot". Again , dont feel the need to rush into something you simply arent ready for or just arent interested in. You'll get there when you are ready. - Alias/Nick name/Handle - There are multiple reasons behind an alias. Some prefer to hide their real name and arent comfortable about world knowing their real name. Some figure an alias will hide them from "FBI" and narcs in general. ( ya right ). Alot figure a cool sounding handle will earn them respect and fear. ( umm.. ). Some just pick a name based on something that interests them. What ever your case may be. Try to avoid names with ascii characters and toggled letters and numbers. ( k-rad). People only roll their eyes when they see it and dont think to much of it. Again , right now you really just want to keep a low profile. Keep it short, simple. Mine is based on a dilbert comic strip character. No meaning , no message. just a name I was amused by. I know this text failed to teach you how to "hack a server" or use an exploit. And I also didnt make any refernces to sites that will. Reason being I want you to develop your self through your own skill and not what others think you should. Or start reading text I suggest or visit sites I advise because it was mentioned here. Im hoping ive left you with enough information to get by and guide lines to get you on track and not have to spend days dealing with people who hope to use you as a victim to try and make them selves look better. Good luck guys. Im working on compiling a text about NON automated remote security exploitation. i.e ( not using scanners , exploits , etc to compromise a server ) directed at the mid level newbies. Keep an eye out for it. RatDance neoerudition@videotron.ca Shout outs to #suidrewt: Vince , Cheshire , Pip , Tone, Nita , Cat , Baegel.