25 ways to become the ultimate script kiddi


  1. You do not need to learn C, C++, C#, Python, Perl, PHP, Assembly and other computer programming languages since Kali, Parrot OS, and Backbox Linux have scripts and GUIs for performing penetration testing, wireless cracking, and vulnerability assessment.
  2. Use r57, c100 or c99 shells as your backdoor shells as a proof that you were able to hack their web application and have gained access to the server.
  3. Use the Hail Mary attack in Armitage in a covert penetration test because the GUI is awesome. It is very cool and totally legit. You don’t need to know the exploits being launched.
  4. You don’t need to study exploit development or all those EIP and ESP stuffs since you can just download any exploits in Exploit-DB or Packet Storm. The Metasploit Framework has a bunch of exploits too so no worries. Some forums have exploit kits that are free to download and you should be all right with it.Make unbelievable claims that you are the world’s no. 1 hacker and write a book about your hack escapades and adventures.
  5. Trust and use SubSeven, DarkComet RAT or Lost Door Remote Administration Tools (RAT).
  6. Use wifite (automated wireless auditor), Gerix Wifi Cracker, WepAttack and Fern WiFi Cracker without having to know how to use Aircrack-ng Suite.
  7. Use Burp Suite Professional’s Active scanning always when auditing web apps – it’s all about the threads. Also do not trust the Web Application Hacker’s Handbook – it takes time.
  8. Treat Acunetix, Netsparker, HP Webinspect, Core Impact and IBM Appscan as your ultimate web application hacking tools.
  9. You don’t need to learn about networking, TCP/IP, and IPv6 since there are various GUI tools for automating network penetration testing and network pwnage.
  10. You don’t need to be quiet in order to hear better, sometimes you need brute force if it just doesn’t work out well.
  11. Download as many hacking tools as you can. Fill up your hard drive with loads of it. Turn off your antivirus if it detects some of your tools as malicious.
  12. Create your own security blog that rips off other articles from known InfoSec blogs.
  13. If you can’t hack a certain website with your tools, just suppress it by DDoSing their site. Sometimes you just need to annoy them in order to teach them instead of outsmarting them.
  14. Create your own underground group then deface as many websites as you can with your group name on it like â€œOwned by fs0ciety! Nothing was harmed except your pride†without knowing what attacks you have conducted.
  15. You don’t need to understand the concepts of how an operating system works.
  16. Create your own “Self-Interview†without being asked by a news editor and have it published online. Self-promotion is good so that you can spread how you started hacking and share the tools that you used.
  17. Create an ub3rl33t handle with numbers in it e.g. 4h4ck3r, d1v1d3sbyz3r0, z3r0c00l, 3n1gm4, j3j3m0n, m4st3rsw0rd, k3rn3l 3.0, etc.
  18. Do not resist the urge to use LOIC, WiNuke, Cain and Abel, Back Orifice, ProRat, exploit kits, Trojans, and malware without understanding how it works and its underlying concepts.
  19. UNIX is just too old. You don’t need to study it. You have Windows, anyway.
  20. Do not contribute to open source tools like Metasploit, Nmap Scripts, SQLmap, and wpscan. Just use them anyway!
  21. Do not responsibly disclose the vulnerabilities that you have found or do not submit vulnerability findings and exploits in PacketStorm and Exploit-DB.
  22. Create an army of zombie computers and botnets by using available tools online. You can rip off some known malware in the wild.
  23. Sometimes you don’t need to “Try Harder†as what the Offensive Security Course always says. The easy way is better.
  24. Threaten that you will hack people if they agitate you.
  25. If you have problems installing penetration-testing distributions, just use Windows and download alternative packages and bundles for hacking.


Leave a Reply