In this article we will guide you about 25 ways to become the ultimate script kiddie.
- You do not need to learn C, C++, C#, Python, Perl, PHP, Assembly and other computer programming languages since Kali, Parrot OS, and Backbox Linux have scripts and GUIs for performing penetration testing, wireless cracking, and vulnerability assessment.
- Use r57, c100 or c99 shells as your backdoor shells as a proof that you were able to hack their web application and have gained access to the server.
- Use the Hail Mary attack in Armitage in a covert penetration test because the GUI is awesome. It is very cool and totally legit. You don’t need to know the exploits being launched.
- You don’t need to study exploit development or all those EIP and ESP stuffs since you can just download any exploits in Exploit-DB or Packet Storm. The Metasploit Framework has a bunch of exploits too so no worries. Some forums have exploit kits that are free to download and you should be all right with it.
- Make unbelievable claims that you are the world’s no. 1 hacker and write a book about your hack escapades and adventures.
- Trust and use SubSeven, DarkComet RAT or Lost Door Remote Administration Tools (RAT).
- Use wifite (automated wireless auditor), Gerix Wifi Cracker, WepAttack and Fern WiFi Cracker without having to know how to use Aircrack-ng Suite.
- Use Burp Suite Professional’s Active scanning always when auditing web apps – it’s all about the threads. Also do not trust the Web Application Hacker’s Handbook – it takes time.
- Treat Acunetix, Netsparker, HP Webinspect, Core Impact and IBM Appscan as your ultimate web application hacking tools.
- You don’t need to learn about networking, TCP/IP, and IPv6 since there are various GUI tools for automating network penetration testing and network pwnage. You don’t need to be quiet in order to hear better, sometimes you need brute force if it just doesn’t work out well.
- Download as many hacking tools as you can. Fill up your hard drive with loads of it. Turn off your antivirus if it detects some of your tools as malicious.
- Create your own security blog that rips off other articles from known InfoSec blogs.
- If you can’t hack a certain website with your tools, just suppress it by DDoSing their site. Sometimes you just need to annoy them in order to teach them instead of outsmarting them.
- Create your own underground group then deface as many websites as you can with your group name on it like “Owned by fs0ciety! Nothing was harmed except your pride” without knowing what attacks you have conducted.
- You don’t need to understand the concepts of how an operating system works.
- Create your own “Self-Interview” without being asked by a news editor and have it published online. Self-promotion is good so that you can spread how you started hacking and share the tools that you used.
- Create an ub3rl33t handle with numbers in it e.g. 4h4ck3r, d1v1d3sbyz3r0, z3r0c00l, 3n1gm4, j3j3m0n, m4st3rsw0rd, k3rn3l 3.0, etc.
- Do not resist the urge to use LOIC, WiNuke, Cain and Abel, Back Orifice, ProRat, exploit kits, Trojans, and malware without understanding how it works and its underlying concepts.
- UNIX is just too old. You don’t need to study it. You have Windows, anyway.
- Do not contribute to open source tools like Metasploit, Nmap Scripts, SQLmap, and wpscan. Just use them anyway!
- Do not responsibly disclose the vulnerabilities that you have found or do not submit vulnerability findings and exploits in PacketStorm and Exploit-DB.
- Create an army of zombie computers and botnets by using available tools online. You can rip off some known malware in the wild.
- Sometimes you don’t need to “Try Harder” as what the Offensive Security Course always says. The easy way is better.
- Threaten that you will hack people if they agitate you.
- If you have problems installing penetration-testing distributions, just use Windows and download alternative packages and bundles for hacking.
A remedy for the weak of heart and for taking the guide seriously
As we all know, a script kiddie is a derogatory term that refers to malicious attackers who uses scripts and programs without the knowledge of how it really works and the main concepts behind it. It is safe to say that they don’t know how to code and they just rip off someone else’s program or script for conducting attacks like website defacement, DDoS (Distributed Denial of Service) or DoS (Denial of Service), or even infecting other users by sending them malware in order to create an army of botnets for fun and profit.
Although script kiddie is a derogatory term, script kiddies could also cause malicious damage just like the average exploiter or attacker. For example, we should not undermine DDoS / DoS attacks as they could take your business offline if there is no mitigation or protection.
The purpose of this article is to add some spicy humor about how some screenwriters behave. As a security professional, do not follow this guide. Alan Wlasuk once said in his article “Help! I think my kid is a Script Kiddie”.
nobody likes a Script Kiddie, except another Script Kiddie, of course.
Following in the footsteps of a script kid can lead you to prison. Nobody wants to end up in prison.
I think everyone likes to improve their skills and further their career, so yes, try harder. Read, read and read; and apply what you learn. Study and learn programming, UNIX, Linux, exploit development, information security and malware analysis. You can also take good courses like CEH, CCNA, OSCP etc.
I’d also like to add that there’s nothing wrong with using the Metasploit Framework, Nessus, and penetration testing distributions like Kali Linux and BackBox Linux, as long as you understand what you’re doing and know how it works. Contributing to such good tools is also one of the best approaches to help the community.
If you think you might be disappointed with what you have become, I suggest you to start by reading the best reference and document on how to be a good hacker called “How to Become a Hacker” written by Eric Steven Raymond (ERS). Therefore, I would like to quote the paragraphs that explain what a hacker is:
The jargon file contains many definitions of the term “hacker”, most of which have to do with technical prowess and the joy of solving problems and pushing limits. However, if you want to know how to become a hacker, only two are really relevant.
There is a community, a shared culture, of skilled programmers and network wizards that traces its history back decades to the first time-sharing minicomputers and the earliest ARPAnet experiments. Members of this culture coined the term “hacker”. Hackers built the internet. Hackers made the UNIX operating system what it is today. Hackers make the World Wide Web work. If you’re part of that culture, if you’ve contributed to it, and other people in it know who you are and call you a hacker, you’re a hacker.
Also Read:The Hacker Methodology 2023
The hacker mindset is not limited to this software hacker culture. There are people who apply the hacker approach to other things like electronics or music – in fact, you’ll find it at the highest levels of any science or art. Software hackers recognize these kindred spirits elsewhere and may also call them “hackers” – and some argue that the nature of hackers is really independent of the particular medium the hacker is working on. However, in the rest of this document we will focus on skills and attitudes. software hackers and the tradition of shared culture that gave rise to the term “hacker”.
There is another group of people who loudly call themselves hackers but are not. It’s people (especially teenage males) who get a kick out of hacking into computers and disrupting the phone system. Real hackers call these people ‘crackers’ and want nothing to do with them. Real hackers tend to think that crackers are lazy, irresponsible, and unintelligent, and object that being able to crack security doesn’t make you a hacker any more than being able to power cars makes you an automotive engineer. Unfortunately, many journalists and writers have been misled into using the word “hacker” to describe crackers; this irritates real hackers to no end.
The basic difference is this: hackers build things, crackers break them.
If you want to be a hacker, keep reading. If you want to be a cracker, read the alt.2600 newsgroup and prepare for a five to ten in the slammer after you find out you’re not as smart as you think. And that’s all I’ll say about the cookies.
Quite a nice essay by ESR, don’t you think? Resist the Script Kiddie side! Use the power and learn the hacker way.
And if you’re interested in online hacker certification, check out InfoSec Institute’s training boot camps!
Sources and additional reading
- How to Avoid Becoming a Script Kiddie
- Help! I think my Kid is a Script Kiddie
- How To Become a Hacker