What do you need to start hacking?

What do you need if you want to start hacking or programming where I think that if you know how to program it is easier to hack or not? Can you possibly recommend me a book that explains the processes well? Which programming language should I learn? Or do I have to learn one at all? Do I need a laptop? Can you recommend me models in the range up to 700 euro?

You need to know so much that it might make more sense to do an apprenticeship.

As a book maybe: "Hacking, the art of exploit" - or in the original: "Hacking Art of Exploitation" or something.

Explains the basics, but also requires some knowledge - e.g. With the programming language C.

Otherwise online tutorials, there are also (online) challenges where you can try them out. Don't expect to be the big hacker right away. :-p

You can hack on a 10 euro scrap PC, it doesn't matter. Hacking is also a topic with many classes… If you can program it will be easier for you to hack. So learn to program.

If you have no programming experience, it will be difficult. You should start with the Python language, which teaches you the structure of the programming, and once you have mastered it to a certain extent, you can also learn other languages such as JavaScript, which will help you a lot with hacking. In addition, you should register on Hackerone, where you can legally hack a selection of companies (including Facebook & co.) If you then report the found one. There's also money for it. I can also recommend the Youtuber "The Morpheus Tutorials". With him you can learn everything to do with programming, including ethical and web hacking. Last but not least, you should still deal with the functionalities of the Internet, what is it, how does it work etc. Then you should be ready to pick up your first bounties (rewards).

You apparently have no idea… There are numerous tutorials on Youtube on the subject, as well as languages such as Python and JavaScript, which are an important basis. Everyone can do this as a hobby or learn, it took me about a week to get all the important attacks (XSS, SQL Injections etc.).

I have described what you should / should know as a hacker here: https://hackenlernen.com/blog.php?t=hacken_lernen_hacker_werden

There are also many directions in which you can go and they require very different skills and also have very different hardware requirements!

If you want to get an overview, take a look around here: https://www.amazon.de/..._sb_noss_2

Most of the books give you a little insight using ready-made tools so that you have an overview of what is there and what is possible.

Unfortunately, I have to agree… What do you do if a WAF or other filter screw up the tour and you have to do it by hand. Do you know SQL so well? Can you then automate the attack you found?

Can you also determine the server service versions and possibly attack them yourself?

Uff, I didn't mention that I've been programming for over 5 years. Of course I know SQL, I'm very good at Python, Java, Javascript, C # and (even if they are not 'real' programming languages) HTML & CSS. I thought that in total I only needed a little over a week to learn penetration testing etc. There are simply numerous tutorials that bring the whole thing closer.

Already clear but many attacks are based on misconfigurations in WAF or the server services. Therefore you should also know how to set it up, harden it and wait otherwise you will have no idea what you could do wrong or forget.

In addition there are things like network basics, if you are dealing with firewalls, for example, the structure and the nesting of packets and protocols is very important. For other attacks, too, things are used that are based on the protocols.

You learned a week and now think you can do everything important?

And you may have programmed for the first time 5 years ago, but 5 years of programming experience is not if you look at your previous answers.

So in your place I would be careful with statements like:

You seem to have no idea…

Attacks like the ones you see on YouTube I see at work every day. Kiddis trying to attack a company whose data is public anyway.

The most violent attacks were mostly not technical, but social engineering.

With your 5 minutes watching and using YouTube video, you bring me nothing more than a few denys on my firewall.

What exactly does that have to do with my answer? Or did you want someone else to answer?

You can see as a general what is above all your arguments.