Jun 06, 2020

Best programming languages for hackers

Do you want to learn hacking? That's great, it is an awesome topic to learn. Some of you may interested in web application hacking, while another one likes exploitation techniques. Also some people want to learn malware analyzing and reverse engineering. No matter what you are going to learn. But you will definitely need a solid understanding about computer programming. So in this guide we are going to see some essential programming languages for hackers.

Why you need programming?

We can say “Hacking” is exploiting a vulnerability in a system. You know a software or any computer Operating system is built with the help of programming languages. So if we are going to attack them, we must have a good understanding of how they are made. For an example if we want to do a SQL injection attack we want to understand how SQL based web applications are developed.

Also we need to automate stuff those are boring to do. Let’s say we need to rename a WordPress theme. Actually this is not a simple process as you think. You have to open all and every PHP, CSS and JavaScript files. Then you need to find and replace original name. Also you need to rename all of these file names too. Best way to do this is write a script to automate this. So programming is used to automate stuff and build tools. They make our life more comfortable.

Python as a Scripting language

 

There is no doubt. Python is the most used scripting language in hacking. Many of popular tools such as Nmap, Hulk, ReconDog etc. are written in Python.  These scripting languages are easy to use. Because we don’t need to compile them. So in most tools we don’t worry about input filtering, error exception etc. Because we use these tools by ourselves. Just write the script and run it to do the task.

 

Let’s see some uses of Python. Think you are given a text file containing a list of URLs of web pages. You need to visit all of these web pages one by one and download all images from each of these web pages. It is a very hard work to do manually. If use Python knowledge for this task. A python script will do this task under a one minute. What we do is open the file and save all these URLs in a Python list. Then we use requests module to fetch the web page and use beautiful soap to extract image links. Finally, we download images from the URL.

 

For another example let’s assume we want to generate a specific password list. Then we can use some Python loops to generate words and save those in a text file.

Now I hope you got a clear idea about importance of Python.

Another scripting language we use is Ruby. This is very similar to Python. If you learn Python, you can understand Ruby scripts too.

You may know that the popular Metasploit framework is written in Ruby. (Actually MSF originally written in Pearl and it completely re written in Ruby).

I suggest following resources to learn Python.

  • Learn Python the hard way by “Zed A show”
  • Black hat Python
  • Python system hacking essentials
  • Our Python programming tutorials

C and C++

I think the best way to get a good knowledge about programming is learning C. C has a great connection between mashing level. You can learn System architecture in  deeply with C programming.

C is a cross platform programming language. I suggest you to start with a Linux distribution. Install GCC on Linux and start coding. Develop tools and understand system architecture. To become a successful hacker you need a good knowledge in structures, pointers , data concepts etc.

Try to build some tools. Also try to re code basic Unix utilities like mv, cat etc. Then learn more about  network programming, algorithm building etc with C.

After you play with Linux  and C , take a look at Windows programming. Many of basic theories are same. You can learn about Windows APIs Specific Windows libraries etc.

C++ is an object oriented programming language build on C. To develop your OOP knowledge you can learn C++.

Following are some great resources to learn C and C++.

Assembly language

 

Assembly is a low level programming language. You know that these low level languages are more close to the mashing. As well as they are hard to understand by humans. We write Assembly programs to specific hardware. So they are very fast and have a high performance.

Why you need Assembly? A good question. Assembly is needed to do some advanced stuff. Most common task is reverse engineering. Reverse engineering is the process of disassembling a binary and try to understand its behavior and source code.

It is not possible to get the original source code directly from a binary. We can only get the Assembly instructions the binary executes on the CPU. So we  have to read those Assembly and imagine high level code.

Sometimes we need to write programs for specific hardware devices. Then we use Assembly.  As well as when we write a shell-code we cant use a high level programming language. Because we run it directly on CPU. So we write it in Assembly and get Opcodes.

There for we need a good knowledge in Assembly to learn real hacking. But how you learn it. Isn't it very hard to learn? Actually Assembly is hard when we compare it with high level languages. But you can learn it easily. 

First you need to learn some basic assembly commands such as MOV, ADD, etc and their syntax. After learning basics you can do experiments with Assembly.  When I learned assembly I used following method.

First I wrote some basic programs in C and compiled those programs. Then I used a disassembler and got thew assembly instructions. Then I tried to understand how those Assembly instructions build the binary to do the task.

You can use GCC to compile them and GDB to disassemble binaries. IDA is the best option for widows platform.

PHP and SQL

PHP is a server side programming language. You know that these server side languages run on the web server and returns pure HTML formatting to the web site visitor.

 

 SQL is a database management language. Actually it is not a programming language. SQL stands for structured query language. We can use various SQL commands to manipulate data on a database. We can create, edit, delete databases and tables. Also we can insert, edit, and delete data on these tables using SQL. The concept SQL injection is built on these SQL based web applications.  The goal of SQL injection is to inject a malicious command to a web app.

All web applications are not made with PHP. There are many other web application development techniques such as JSP, ASP and even some custom web applications wrote with languages such as C or Java. So we need some knowledge on these languages too. What I suggest is first learn and master PHP and SQL. Build some web applications using PHP. Then start to learn other languages. You don’t need to master them. Just get an idea about the syntax and the structure.

 

JavaScript

 

In early days JavaScript used as a client side web programming language that executes in the user’s browser. Now a says it becoming more popular. Most of modern web applications are based on JavaScript. Also there are hundred od libraries and frameworks for JavaScript. If you are planning to learn web application hacking, this is a must to learn.

Aug 12
Outputs in C

In C there are number of ways to getting output to the screen.You can use them according to your....

May 03
C programming file descriptors

File access is an essential feature of any programming language. In C we can use two methods to....

Aug 12
Linux directory structure

Using a Linux distro is a completely different thing. If you are a windows user you can see they....

Replying to 's comment Cancel reply