25 ways to become the ultimate script kiddie

August 25, 2015 by
  1. You do not need to learn C, C++, C#, Python, Perl, PHP, Assembly and other computer programming languages since Kali, Parrot OS, and Backbox Linux have scripts and GUIs for performing penetration testing, wireless cracking, and vulnerability assessment.
  2. Use r57, c100 or c99 shells as your backdoor shells as a proof that you were able to hack their web application and have gained access to the server.
  3. Use the Hail Mary attack in Armitage in a covert penetration test because the GUI is awesome. It is very cool and totally legit. You don't need to know the exploits being launched.
  4. You don't need to study exploit development or all those EIP and ESP stuffs since you can just download any exploits in Exploit-DB or Packet Storm. The Metasploit Framework has a bunch of exploits too so no worries. Some forums have exploit kits that are free to download and you should be all right with it.
  5. Make unbelievable claims that you are the world's no. 1 hacker and write a book about your hack escapades and adventures.
  6. Trust and use SubSeven, DarkComet RAT or Lost Door Remote Administration Tools (RAT).
  7. Use wifite (automated wireless auditor), Gerix Wifi Cracker, WepAttack and Fern WiFi Cracker without having to know how to use Aircrack-ng Suite.
  8. Use Burp Suite Professional's Active scanning always when auditing web apps – it's all about the threads. Also do not trust the Web Application Hacker's Handbook – it takes time.
  9. Treat Acunetix, Netsparker, HP Webinspect, Core Impact and IBM Appscan as your ultimate web application hacking tools.
  10. You don't need to learn about networking, TCP/IP, and IPv6 since there are various GUI tools for automating network penetration testing and network pwnage. You don't need to be quiet in order to hear better, sometimes you need brute force if it just doesn't work out well.
  11. Download as many hacking tools as you can. Fill up your hard drive with loads of it. Turn off your antivirus if it detects some of your tools as malicious.
  12. Create your own security blog that rips off other articles from known InfoSec blogs.
  13. If you can't hack a certain website with your tools, just suppress it by DDoSing their site. Sometimes you just need to annoy them in order to teach them instead of outsmarting them.
  14. Create your own underground group then deface as many websites as you can with your group name on it like "Owned by fs0ciety! Nothing was harmed except your pride" without knowing what attacks you have conducted.
  15. You don't need to understand the concepts of how an operating system works.
  16. Create your own "Self-Interview" without being asked by a news editor and have it published online. Self-promotion is good so that you can spread how you started hacking and share the tools that you used.
  17. Create an ub3rl33t handle with numbers in it e.g. 4h4ck3r, d1v1d3sbyz3r0, z3r0c00l, 3n1gm4, j3j3m0n, m4st3rsw0rd, k3rn3l 3.0, etc.
  18. Do not resist the urge to use LOIC, WiNuke, Cain and Abel, Back Orifice, ProRat, exploit kits, Trojans, and malware without understanding how it works and its underlying concepts.
  19. UNIX is just too old. You don't need to study it. You have Windows, anyway.
  20. Do not contribute to open source tools like Metasploit, Nmap Scripts, SQLmap, and wpscan. Just use them anyway!
  21. Do not responsibly disclose the vulnerabilities that you have found or do not submit vulnerability findings and exploits in PacketStorm and Exploit-DB.
  22. Create an army of zombie computers and botnets by using available tools online. You can rip off some known malware in the wild.
  23. Sometimes you don't need to "Try Harder" as what the Offensive Security Course always says. The easy way is better.
  24. Threaten that you will hack people if they agitate you.
  25. If you have problems installing penetration-testing distributions, just use Windows and download alternative packages and bundles for hacking.

A remedy for the weak of heart and for taking the guide seriously

As we all know, a script kiddie is a derogatory term that refers to malicious attackers who uses scripts and programs without the knowledge of how it really works and the main concepts behind it. It is safe to say that they don't know how to code and they just rip off someone else's program or script for conducting attacks like website defacement, DDoS (Distributed Denial of Service) or DoS (Denial of Service), or even infecting other users by sending them malware in order to create an army of botnets for fun and profit.

Earn two pentesting certifications at once!

Earn two pentesting certifications at once!

Enroll in one boot camp to earn both your Certified Ethical Hacker (CEH) and CompTIA PenTest+ certifications — backed with an Exam Pass Guarantee.

Although script kiddie is a derogatory term, script kiddies could also do harmful damage just like an average exploiter or attacker. We shouldn't undermine DDoS / DoS attacks for example since it could take your business offline if there is no mitigation or protection.

The purpose of this article is to add some spiced up humor about how some script kiddies act. As a security professional, do not follow this guide. Alan Wlasuk once said in his article "Help! I Think my Kid is a Script Kiddie" that

no one likes a Script Kiddie except of course a fellow Script Kiddie.

Following the footsteps of a script kiddie could lead you to jail. Nobody wants to end up in prison.

I think everyone likes to improve their skills and boost their career so yeah keep trying harder. Read, read, and read; and apply what you learn. Study and learn programming, UNIX, Linux, exploit development, information security, and malware analysis. You can also take up good courses like CEH, CCNA, OSCP, etc.

I would also like to add that there is nothing wrong with using Metasploit Framework, Nessus, and penetration testing distributions like Kali Linux and BackBox Linux as long as you understand what you are doing, and you know how it works. Contributing to such good tools is also one of best approaches to helping the community.

If you think that you may be disappointed of what you have become I would suggest that you read the best reference and document for starters on how to be a good hacker which is entitled "How To Become A Hacker" written by Eric Steven Raymond (ERS). Therefore, I would like to quote the paragraphs that explain what a hacker is:

The Jargon File contains a bunch of definitions of the term 'hacker', most having to do with technical adeptness and a delight in solving problems and overcoming limits. If you want to know how to become a hacker, though, only two are really relevant.

There is a community, a shared culture, of expert programmers and networking wizards that traces its history back through decades to the first time-sharing minicomputers and the earliest ARPAnet experiments. The members of this culture originated the term 'hacker'. Hackers built the Internet. Hackers made the UNIX operating system what it is today. Hackers make the World Wide Web work. If you are part of this culture, if you have contributed to it and other people in it know who you are and call you a hacker, you're a hacker.

The hacker mind-set is not confined to this software-hacker culture. There are people who apply the hacker attitude to other things, like electronics or music — actually, you can find it at the highest levels of any science or art. Software hackers recognize these kindred spirits elsewhere and may call them 'hackers' too — and some claim that the hacker nature is really independent of the particular medium the hacker works in. But in the rest of this document we will focus on the skills and attitudes of software hackers, and the traditions of the shared culture that originated the term 'hacker'.

There is another group of people who loudly call themselves hackers, but aren't. These are people (mainly adolescent males) who get a kick out of breaking into computers and phreaking the phone system. Real hackers call these people 'crackers' and want nothing to do with them. Real hackers mostly think crackers are lazy, irresponsible, and not very bright, and object that being able to break security doesn't make you a hacker any more than being able to hotwire cars makes you an automotive engineer. Unfortunately, many journalists and writers have been fooled into using the word 'hacker' to describe crackers; this irritates real hackers no end.

The basic difference is this: hackers build things, crackers break them.

If you want to be a hacker, keep reading. If you want to be a cracker, go read the alt.2600 newsgroup and get ready to do five to ten in the slammer after finding out you aren't as smart as you think you are. And that's all I'm going to say about crackers.

Pretty nice essay from ESR don't you think? Resist the Script Kiddie side! Use the force to learn the hacker way.

What should you learn next?

What should you learn next?

From SOC Analyst to Secure Coder to Security Manager — our team of experts has 12 free training plans to help you hit your goals. Get your free copy now.

And if you're interested in online hacker certification, check out InfoSec Institute's training boot camps!

Sources and additional reading


aurelius is the creator of n00bs CTF Labs, bug bounty hunter, security researcher at Infosec Institute and an application security analyst. He loves playing games and watching movies aside from hacking.