Guide from Script Kiddie to Hacker - A Guide for the Misguided

This is another guide for people who want to start hacking. This post was created for these 4 reasons (P.S.: no offence if you fall into the categories below):


  1. I feel guilty for the people who make fun of hacking by saying ''I can hack your Facebook, now bow before me!''
  2. I feel bad for people who can't differentiate between hacking and cracking.
  3. I feel hatred for people who can't tell the difference between a hacker and a pentester.
  4. Last but not least, I feel awful for those who call themselves ''Certified/Professional Ethical or Black hat hacker'', after they just took over a Facebook account, cracked a weak WEP key and then opened a blog with the title ''An Ethical Hackers Blog''.

These are just a few of my large list of reasons for making this post. But before I continue, please keep in mind that I will be writing some stuff that might seem offensive to you. It is not meant to offend, since this post is just for awareness.

Here's what we're going to discuss:
  1. What is a ''Hacker'' and what is hacking?
  2. List of things that are ''NOT'' hacking.
  3. Difference between hacking and cracking.
  4. Actual and Real time hacking.
  5. Difference between a hacker and a pentester.

1) What is a hacker and what is hacking?

A hacker is a person who specializes in computer security. A hacker discovers and exploits vulnerabilities using his own particular set of skills, tools and knowledge. A hacker might do such things for his own purposes or for money, sometimes even as a challenge. In this era of technology and cybernet, many people, especially the government, think of hackers as so-called criminals. The thing you should remember is that not all hackers are criminals. Hackers come in types: Black Hats, White Hats and Grey Hats. Of these, Black Hats are considered criminals, but all hackers are considered a potential threat. However, we are not here to discuss threats; we are here to discuss the true meaning of a hacker and hacking.

There are many meanings of a hacker. This is what Wikipedia says:
A hacker is someone who seeks and exploits weaknesses in a computer system or computer network. Hackers may be motivated by a multitude of reasons, such as profit, protest, or challenge.
For us the true definition would be: 
A person having security analysis and exploitation skills, able to exploit vulnerabilities on a target system by using his own set of Tools and Exploits
Taking the above definition in view, it clearly states that a hacker uses tools that he codes and makes himself. This also indicates that this person has significant knowledge of programming, which makes him able to make his own tools. Exploitation itself is not easy, as it requires constant observation to detect vulnerabilities and coding an exploit for them, which also requires programming.

The inverse of a hacker is a Script Kiddie, who uses tools made by others to exploit vulnerabilities.

You've noticed that we use tools like Havij, SQLdumper, Hydra, OPHcrack, Metasploit etc. to exploit, crack and hack. But these tools are made by others. How come we are hackers when we use tools built by others? Then we should be called Script Kiddies instead, right? Well, this is the part where most arguments break out. We can't stop using the word hacker for ourselves even if we aren't done. This is not our fault; it is because the meaning of hacking is being taken the wrong way and, of course, because of the beginners who are eager to learn to hack in the blink of an eye. Nope! That's not even possible. Just as with programming, you can't call yourself a professional no matter how much you do. The same goes for hacking. Each and every day something new gets made, and it is designed in such a manner as to provide a 99% possibility of being secure. For that, hackers have to go deep and study more about it.

We hear news that a bank got hacked and some vicious amount of money was stolen. It may seem easy to noobies, but if you ask the hackers who have done it, you will be amazed by the amount of deep work they did before carrying out the attack. They had to find out the main bank server, tackle its security protocols, firewalls, IDS, etc., and for that they had to find out which type of system was in use. Then they had to study that system in depth and find a way to tackle it. After passing that, they had to find out how to get access to the main server and shit like that. And after all that, the most important thing is: how did they stay anonymous?

Script Kiddie, the wrong part.

Nowadays someone can easily be provoked to anger by being told ''You're such a Script Kiddie'', and there goes another fight and argument. The problem is the same: script kiddie is taken to mean a person who has no knowledge of anything related to the relevant field. If you read the definition of Script Kiddie:

A script kiddie (also known as a skid or skiddie) is a non-expert who breaks into computer systems by using pre-packaged automated tools written by others, usually with little understanding of the underlying concept—hence the term script (i.e. a prearranged plan or set of activities) kiddie (i.e. kid, child—an individual lacking knowledge and experience, immature)

It states that a Script Kiddie is a non-expert, but that doesn't mean he/she has no knowledge or skill. A Script Kiddie has concepts and knowledge, and more of them than a newbie or a n00b. People often get angry when their knowledge is called into question. No one knows anything to a 100% extent, so why can't we admit we are Script Kiddies? I personally don't see anything bad in it because:

  1. You know your shit about hacking, exploiting and other things. (n00bs don't)
  2. You can use tools (n00bs can't)
  3. You have potential (n00bs don't)
  4. You have skills to use them (n00bs don't)
  5. You are gaining more knowledge about your relevant field. (Half the n00bs are lazy at this point. Though, you are not!)
and more!

My point is, don't get mad at each other when one calls you a Script Kiddie. A skid knows much more of his real shit than a n00b who wants to learn in days the damn shit which takes years, or maybe even a lifetime. So yeah, there's a 101% difference between a n00b and a Script Kiddie. So remember:

SCRIPT KIDDIE IS NOT A n00b


2) Things that are NOT hacking.

People have been lumping the wrong fields in with hacking as a part of it. Let me tell you one thing: it takes a lifetime to become an expert in this field, but newbs have taken a wrong turn. They have been deciding on their own which things count as a part of hacking. Let me list some stuff here by way of explanation.

  1. Hacking Facebook, Twitter or Instagram accounts. This is what newbs usually say, but it's actually cracking, so not hacking. I will discuss the difference between hacking and cracking in the next topic.
  2. Cracking WiFi passwords is not hacking.
  3. Infecting people with RATs and getting their credentials is not hacking.
  4. Gaining access to a target OS using already made exploits or tools is, in my opinion, not hacking. Read the hacking definition again and maybe you'll agree with me.
  5. Reverse Engineering is cracking.

3) The difference between hacking and cracking.


4) Real and Actual hacking events.

One of my favorite hackers from the past is Kevin Mitnick; they are legendary and their work is almost perfection. Unless you read about some real-time encounters of these hackers, you won't be able to get the true spirit of hacking and how it's done. Read the book written by Kevin Mitnick called ''The Art of Intrusion''. You'll be amazed by the end of the book!

5) The difference between a hacker and a pentester.


I couldn't really describe it much easier than this explanation I found on Wikipedia:

According to the EC-Council's Certified Ethical Hacker course documentation the two can be defined as follows;
Penetration Testing: A goal-oriented project of which the goal is the trophy and includes gaining privileged access by pre-conditional means.
Ethical Hacking: A penetration test of which the goal is to discover trophies throughout the network within the predetermined project time limit.

For me, reading that, I would say the difference is: a pen-test has a single goal (trophy) and strict procedures that have to be followed to get that trophy, and an ethical hack is a much larger beast that involves many goals or trophies, could last so long it needs to be time restricted, and in general has fewer limits.

So a pen-test is "one goal, one process" and ethical hacking is "hack everything that can be hacked, ethically".

That was it guys :p I hope I made some things clear and that you agree with me. If you disagree, a discussion can be started in the comments, a friendly one!