Hello world. I’ve been a freecodecamp user for many years now. I think I’ve had 2 or 3 accounts over the years. And like a lot of you, I start and then I don’t finish. It’s taken me a while to realise that I really don’t like to code. Well, that’s not 100% true, I like writing bots that I use in WhatsApp to trick friends into thinking I am talking to them, or making key loggers or writing a script that helps me complete a CTF. Writing tiny scripts, I like that, but I think it’s the process of building something, say a website/application, this I have zero interest in. The security side of things I’ve been interested in for a while. I’ve gotten a lot further with that than I ever did with coding. Life events + depression has kinda slowed this process a bit, but I go back to it more than I ever did with coding, and I retain what I learned, unlike with coding, where I am constantly needing a refresh. I hope that makes sense?
Why am I writing this? Well, I used to work in Tech Support (I was that I.T guy at a lot of different offices), I used to have a small business that I had to close a few years back (family reasons, I won’t get into). I still fix the occasional PC, but most of my work relied on me going out to the clients’ premises and atm I am not able to do that. I have time on my hands, too much time.
I don’t want to sit around and think, spending too much time in your own head isn’t a good thing.
So I am going to use this forum to document my progress and setbacks.
I don’t know what the end goal of all this will be, as I am not looking for a career change, I just need to focus on something that gets my mind off something, it don’t make sense I know, but for me it does. Keeping a blog, keeps you accountable.
I’ll post the learning path that I will be taking, once I’ve figured out that part.
I understand the demons of depression and the dangers of having too much time on your hands all too well. Best of luck to you!
I’ve thought about how I want to go about learning “hacking”. In the past I’ve done some CTFs that I got from Vulnlab and I’ve bounced between HTS, PortSwigger Academy, DefendTheWeb and OverTheWire. I’ve also completed some of the CTFs on HackerOne. There is no real structure or learning path to what I am doing, I basically bounce from one to the other once I get stuck and then return later once I know a bit more to complete the challenge or not.
This works for me and it doesn’t. So for now I will stick to only 2 learning resources (well 3 if you count Google).
Learning path (not set in stone):
PortSwigger Academy - For learning web application security - I use ZAP instead of Burp and will continue using ZAP for the duration. I will continue from where I was the last time.
OverTheWire - SSH CTF, if you want l33t CLI skillz like John Hammond (the ginger hacker, not the dude that owned an island off the coast of Costa Rica). I’m going to start over, can’t remember where I stopped and the games are fun so I don’t mind.
I won’t post any spoilers here, I’ll drop them in my discord, don’t want to give it away.
How will I know that I am a Hacker?
I’ve thought about this for a long time. Since there isn’t a time frame on this challenge or whatever you want to call it, I will need to hack something. Completing a CTF doesn’t count. And targeting a random site that I don’t have permission to test/hack is out. So I will stick to the sites that are in the various Bug Bounty programs. I’ll also need to submit at least 3 bug reports to one of the bounty programs. I don’t need to be paid for this, it would be nice, but I really only want the credit for now.
I’ll alternate between study days and “work/hack/bug hunting” days. I’ll update this as much as I can with what I am learning and what bounty program sites I am focusing on and how it’s going.
Anyways, go well.
Today was a rough day, made some bad decisions. Mood didn’t help with anything. Decided to focus on something else, finished some OverTheWire challenges. They have other games as well, might give them a try sometime.
Played around with ZAP, have to remember to put the RAM back in this machine as it’s a drag using 6.
We don’t have power cuts tonight, well at least until 4am tomorrow morning, but we will have permanent power cuts for the next 2 or 3 years. I don’t know how to feel about this.
Going to workout and then head over to PortSwigger or back to OverTheWire, can’t really watch movies, can’t focus. Reading helps sometimes.
Got some things done today. I think. It’s another bad day, stressed out. Angry. Frustrated. I can still feel it. Right at my core, like a ball or knot. Not much I can do about it. Did a bunch of CTFs, this kept my mind off things. I still have no real structure or routine, but I think it’s okay. I am moving forward, it’s better than standing still. I think.
Logged in to HackerOne, picked a target site and then closed it. Not today.
Spending the day reading up and experimenting with POST requests. It’s funny how I thought I knew enough about POST/GET requests and then get hit with a curve ball. You never know enough and someone somewhere always knows more. Looks like I am going to use Python for this, it has a Requests library. But if Python doesn’t work for me, no worries, I will have learnt something by the end of this.
Got barely anything done today. Super tired. Feel like one of those lighters that ran outa gas. Just sparking. Did some shopping, did some washing, did some gardening, bought a cheap set of headphones. Opened ZAP, closed it again and then opened it again. Looked at a few sites, can’t concentrate.
Listened to same song on loop, stared at screen. Tried some cryptography puzzles, but like I said, can’t concentrate. Listening to sounds of rain on loop, feels nice. Power is going off in an hour and still have to make supper, too tired to make supper. Toast will have to do. I need sleep, but I can’t sleep. Will try again tomorrow.
Today was better. Didn’t go how I wanted, but I’ll take it. Baby steps right?
Wanted to do more, but no use forcing it. Trying to do more now, before power goes out again. There’s still time, so I’ll use it as best I can. Will try again in the morning.
Sometimes we are our own worst enemy. We keep doing the same thing over and over and expect a different result. This is our temper. It keeps trying to add 2 and 2 to get 5. And when that never happens, rage. After rage comes more rage and when all that is burnt up it’s good old self pity. And that same old question that loops through our mind over and over “Why do we keep doing this?”
Concentrate, you got this.
Logged into HackerOne and picked a target today. Stanford Uni. They don’t pay bounties, but that’s okay, knowledge will be my reward.
Played around with some of what’s in scope and had that familiar feeling. It’s the same as trying to build something after completing your first programming tutorial or working your way through freeCodeCamp’s Responsive Web Design only to hit that brick wall that is completing your first project. You sit staring at the screen completely lost. You learnt so much but know nothing. This is how you learn, you struggle through it. I had an idea of what I am supposed to do today, but I struggled to understand most of it, there was a lot of stopping and then googling to learn something and then going back and then repeating those same steps again.
Power is going out in 40 mins and I am almost done with supper, I’ll get back to it later.
Had to take 2 days off, exhausted, life getting in the way, it doesn’t help when electricity supply is also sporadic.
Back to practice, back to learning. I still don’t know what I need to know, for now we throw things at the wall and see what sticks.
Hey, interesting write ups. Would you like to join me in a hackathon I’m in? It’s got nothing to do with hacking, but you might find it interesting.
Hi thanks for the invite, but I’ll have to take a rain check. I’m going down so many rabbit holes and so many side missions with this task that I don’t want to get overwhelmed (well I’m already overwhelmed). I’ll keep it in mind though.
No worries mate. I understand. Well if you know of anyone who would be interested in such a challenge, do point them my way.
Anyone reading this who might also be interested, please drop me a reply.
I’ve been down another rabbit hole that involves “phishing emails”. I’ve been following the links on one, after someone I know sent it to me asking if the email, which is supposedly from our revenue service, is real. It is not. This one isn’t even as good as some of the others I’ve seen, but if you look at it in passing, it looks pretty real. It’s a typical revenue scam, you are owed money, please click here to receive your payment - and of course the - must be done before date x or the money is gone, just to add some urgency to it.
I followed the links just to see where it all ends up. The scammers are using 2 sites, the link in the email takes you to one site and then once you click that link it takes you to another to fill in the “CC” details to get “your payment”. It has all the links and logos from our revenue services but those links don’t work at all. I was trying to see where the cc details are being sent but I just don’t know enough. Once you fill in all your details (I used a fake name and cc) you get to a last page, it asks you for a confirmation code from your phone (used fake random), but from looking at the script, once you click send, it intentionally tells you the code is wrong and it will do this 3 times and then it kicks you out to the actual login page of the revenue service. That’s as far as I got with this.
I joined HackerOne more than a year ago I think, can’t remember and one of the first things I did was complete CTF challenges for points, when you get a certain amount of points you get invited to a private program. When I did this, I got invited like a couple of days later and I was like “okay cool, I’ll do the next one once I know more”. And then the next one didn’t come. Today I received another invite and I am not going to pass on this one, so I will march down this rabbit hole for a while and Stanford can wait a bit longer (they going to wait long for my noob ass to find anything anyways).