Coding and Scripting for Beginner Hackers

TECHNICAL SKILLSTRAINING

CypherOxide

11/27/20232 min read

a corgi dog wearing glasses and a hat and glasses, typing at a computer
a corgi dog wearing glasses and a hat and glasses, typing at a computer

"The key with coding is to continually build by applying your skills on hacking-focused projects. Even if you start small, the experience compounds quickly. Stick with it and you'll have custom-coded tools that even advanced hackers envy!"

Learning to code and write scripts is a crucial skill for getting into ethical hacking and cybersecurity. Scripting allows you to automate repetitive tasks, develop your own custom tools, analyze data, and program everything from small hacking tools to machine learning models. Understanding and knowing how to code in different languages can be extremely useful when doing deep dives into malware analysis and creating more efficient workflows.

Why Learn to Code as a Hacker?

As a beginner, you may be eager to jump straight into running scans with Nessus or exploiting Metasploit. However, taking time to build core coding abilities will make you far more effective down the line. Aspiring hackers must harness their eagerness to dive straight into running scans and exploiting vulnerabilities, and instead, develop their effectiveness for the long run. Here's why every hacker should prioritize coding:

  1. Automate Repetitive Tasks: Coding allows you to automate repetitive tasks like network scans, freeing up your time for more critical activities.

  2. Diagnose and Analyze Code: Understanding code helps you diagnose and analyze software for security flaws and unusual behaviors, a fundamental skill in ethical hacking.

  3. Customized Hacking Tools: With coding skills, you can create customized hacking tools tailored to your specific needs, providing a significant advantage during engagements.

  4. Program Attacks and Exploits: Writing code enables you to program scripts to launch attacks and develop exploits, granting you greater control and flexibility.

  5. Data Analysis and Visualization: Code can be used to analyze, process, and visualize security data, aiding in threat detection and mitigation.

  6. Machine Learning for Security: In-depth coding skills are essential when building and training machine learning models to detect malware and phishing sites, a vital part of modern cybersecurity.

Foundational Languages for Ethical Hackers

For those embarking on a journey into ethical hacking and cybersecurity, here's a recommended list of foundational languages to learn:

  • Python – Python has extensive libraries focused on everything from network analysis (Scapy) to web app hacking (Requests, Beautiful Soup) to OS interaction. Python’s simple syntax but powerful capabilities make it a perfect starting language. It is extremely versatile and can be used for a lot of automation tasks, as well as being one of the easier languages to learn considering there are many free or low cost learning options available on the web.

  • PowerShell – If you plan on working with Windows based systems, from servers to workstations, understanding this language gives you wizard-level powers. Knowing PowerShell gives you the ability to do deep system diagnostics, change configurations, and even assist in managing various policies in the Group Policy Manager and Active Directory. Having a strong understanding in PowerShell commandlets will help you when doing those movie-style hacking techniques.

  • SQL/SQLite – SQL, or Structured Query Language is essential when you’re managing or creating databases. As a hacker, you can leverage the syntax and quirks of the language to perform SQL Injection attacks to parse information from a database or perform remote code actions. SQLite supports much of the same syntax as SQL, but with less quirks from in SQL servers. This can be a prime language to practice and build experience with if you’re going to working with, or attacking, databases and servers.

  • Javascript – There are many infographics and countless papers out that showcase somewhere around 80% of the clear web runs on Javascript, as well as nearly all web applications. This sometimes frustrating language (it’s syntax is confusing when compared to other languages) is invaluable and as an ethical hacker, you should at least learn to understand how to read it and comprehend its functions and use cases.

  • Rust – Rust is a powerful general-purpose language that is statically typed to address certain pain points of other languages. I often told fellow cybersecurity students in my degree program that Rust was going to become one of the top 3 most popular languages of 2023 and that its user base would grow wildly. The main topic areas Rust addresses compared to others is performance, type safety, and concurrency.

  • Golang or Go – This open source language is one of the fastest to learn and become proficient in, at least based on my experience with it. Backed and supported by Google, Golang is another statically typed, compiled high-level language that benefits from being fast, easy to learn, and used for multiple purposes.

  • Bash – Bash scripting will be extremely helpful, as CyberSec is heavily intertwined with Linux use. Understanding Bash functions will make a huge difference in the long run, especially if you decide to make the jump and run Linux as your main operating system like me. While there are now many different shell environments out there from ZSH, Fish, original Bash, and so many more, you don’t have to understand the different syntax and how each of them function. Since Linux is a hacker’s OS of choice, learning Bash scripting allows you to customize your environment and automate frequently executed commands. Bash skills translate directly to saving time on pen testing engagements.

All of these languages have well developed and extensive manuals, making it easier for you to begin your practice and study. Extensive tutorials, training programs, and lesson plans can be found for each of these languages, giving you more access to hone your coding skills and get you closer to “leet”/1337 level hacker status as a cybersecurity professional.

Practical Coding Projects to Hone Your Skills

To put your coding skills to the test and grow as an ethical hacker, consider taking on practical projects to develop hand-on experience. Some of the coding projects I would suggest include:

  1. Building a TCP/UDP network scanner

  2. Creating an SSH/Telnet-based vulnerability scanner

  3. Devloping a script for brute-focring login credentials or cracking password hashes

  4. Setting up a virtual machine for SQL Injection Attacks

  5. Automating Metasploit attack payloads

  6. Crafting a packet sniffer and protocol analyzer

  7. Constructing a crawler to detect web applications

Start with simpler projects and gradually increase complexity as you gain experience. Practical coding is where you'll truly apply hacking techniques and see the power of your skills. And you don't even have to be concerned about a GUI (Graphical User Interface), all of your projects can be designed to run in the terminal.

Coding Case Study: Tiny Tim Assistant

One fascinating example of coding in action is the development of the "Tiny Tim Assistant," an AI assistant being fine-tuned for InfoSec tasks. This assistant specializes in static and dynamic malware analysis, automating reverse engineering, deobfuscating and decoding scripts, and detecting software vulnerabilities. By leveraging machine learning and natural language processing (NLP), this project demonstrates the incredible possibilities that coding offers in the field of ethical hacking.

In conclusion, the journey of a hacker is intertwined with coding. By continually buildling and applying coding skills, even beginners can develop custom-coded tools that rival those of advanced hacking and cybersecurity. Even if you start small, the experience compounds quickly. Stick with it and you'll have a custom coded armory that even the most advanced hackers envy.

Related Stories