what are the three most effective programming languages for hacking in your view?
#11
Wow, I didn't except this thread to still be active so long after I made it.

These are all very good answers.

So what I'm getting from this is that preferably one would do this:

1. a scripting language (python, ruby, PHP, etc)
2. a systems language (C, C++, Java, etc)
3. JavaScript or Assembly depending on which area of hacking I wanna study.

Yeah, that kind of makes sense. Especially that is, assuming that most websites and mobile apps are programmed in JS and PHP.

So it sounds like to just be good at web hacking, PHP and JS will get you a lot. But it sounds like Python is better in order to get past the basics of web hacking and go to a more advanced level. My only comment is PHP and JS are built into learning web development. So if you know web hacking in those, you don't have to learn a new language. It must be really easy to do it that way, although I don't know if I really wanna do it that way.

I see some disagreements here. Two answers stand out to me as the most informative answers here: poppopret and MuddyBuckets' answers both seemed highly informative, but seemed to be different answers and seemed to disagree. I like both answers though as they both seemed highly informative. I like that poppopret seems to think everyone is wrong to recommend python. I'm not sure which side of the debate to pick, but it looks like both answers probably work it sounds like.
Reply
#12
(08-11-2020, 01:07 AM)poppopret Wrote: Old thread, but because of the gravedig I'll drop my two cents on the subject.

For the most part, it's the same as everyone else said, except you could just use JS as a substitute entirely for Python in specific use cases.

Actually, that's about it. Whatever languages you learn will be entirely varied based on what you're doing specifically.

[...]

I see you know quite a lot and have experience with a bit of everything Smile Thanks for your 2 cents! I agree with you on Python there, that's why I try to avoid using third party libraries when possible. And try to stick with standard libraries when possible, to do things natively. But I imagine it would be easier with C than with Python, especially for lower level operations.

I've decided to take my programming learning more seriously lately though. Been checking some of Berkleys old lectures on youtube and following it with my SICP book. Learning a bit of scheme/functional programmign for starters. But I will follow it up with C later.
Reply
#13
People on this forum give the best advice and definitely seem to be the most well-researched of the different infosec forums around nowadays.

I wish more hacking forums were like GreySec because of the informative answers I get from threads I make like this one.
Reply
#14
(08-11-2020, 07:19 PM)QMark Wrote: Wow, I didn't except this thread to still be active so long after I made it.

These are all very good answers.

So what I'm getting from this is that preferably one would do this:

1. a scripting language (python, ruby, PHP, etc)
2. a systems language (C, C++, Java, etc)
3. JavaScript or Assembly depending on which area of hacking I wanna study.

Yeah, that kind of makes sense. Especially that is, assuming that most websites and mobile apps are programmed in JS and PHP.

So it sounds like to just be good at web hacking, PHP and JS will get you a lot. But it sounds like Python is better in order to get past the basics of web hacking and go to a more advanced level. My only comment is PHP and JS are built into learning web development. So if you know web hacking in those, you don't have to learn a new language. It must be really easy to do it that way, although I don't know if I really wanna do it that way.

I see some disagreements here. Two answers stand out to me as the most informative answers here: poppopret and MuddyBuckets' answers both seemed highly informative, but seemed to be different answers and seemed to disagree. I like both answers though as they both seemed highly informative. I like that poppopret seems to think everyone is wrong to recommend python. I'm not sure which side of the debate to pick, but it looks like both answers probably work it sounds like.

Popporet is right in terms of it's reliance on third party libraries. If you develop something with Python and a 3rd party lib/pkg and the package maintainer has made a mistake it has the potential to break your application. In terms of building big applications in the context of a software development company it may be problematic. The thing is, error messages in Python point exactly to where the error is coming from, and you will be able to find out pretty quickly where the problem lays if you know how to read the error messages.

Every Python library that you have will have been installed locally, as such it's not that hard to correct any issues that may arise from those libraries. Then there is the fact that you can use the base libraries that come with the installation of the Interpreter. Developing with Python at scale can be done reliably if the base packages are employed while writing your own libraries as necessary. Some Python developers including myself call this 'Pure Python'. This addresses a lot of concerns popporet brought up.

On a different note, i wouldn't pick PHP as your scripting language, it's a web development language. JavaScript is as well, however, NodeJS and it's various implementations such as Electron and/or React to name a few make it fairly robust and give it the ability to be used to develop all sorts of things. You can for instance write a Terminal Emulator with Node and Electron. It's just very resource intensive to run such implementations.

That said, personally i enjoy writing Node and even use it for prototyping on occasion.
Reply
#15
(08-13-2020, 11:30 AM)Vector Wrote:
(08-11-2020, 07:19 PM)QMark Wrote: Wow, I didn't except this thread to still be active so long after I made it.

These are all very good answers.

So what I'm getting from this is that preferably one would do this:

1. a scripting language (python, ruby, PHP, etc)
2. a systems language (C, C++, Java, etc)
3. JavaScript or Assembly depending on which area of hacking I wanna study.

Yeah, that kind of makes sense. Especially that is, assuming that most websites and mobile apps are programmed in JS and PHP.

So it sounds like to just be good at web hacking, PHP and JS will get you a lot. But it sounds like Python is better in order to get past the basics of web hacking and go to a more advanced level. My only comment is PHP and JS are built into learning web development. So if you know web hacking in those, you don't have to learn a new language. It must be really easy to do it that way, although I don't know if I really wanna do it that way.

I see some disagreements here. Two answers stand out to me as the most informative answers here: poppopret and MuddyBuckets' answers both seemed highly informative, but seemed to be different answers and seemed to disagree. I like both answers though as they both seemed highly informative. I like that poppopret seems to think everyone is wrong to recommend python. I'm not sure which side of the debate to pick, but it looks like both answers probably work it sounds like.

Popporet is right in terms of it's reliance on third party libraries. If you develop something with Python and a 3rd party lib/pkg and the package maintainer has made a mistake it has the potential to break your application. In terms of building big applications in the context of a software development company it may be problematic. The thing is, error messages in Python point exactly to where the error is coming from, and you will be able to find out pretty quickly where the problem lays if you know how to read the error messages.

Every Python library that you have will have been installed locally, as such it's not that hard to correct any issues that may arise from those libraries. Then there is the fact that you can use the base libraries that come with the installation of the Interpreter. Developing with Python at scale can be done reliably if the base packages are employed while writing your own libraries as necessary. Some Python developers including myself call this 'Pure Python'. This addresses a lot of concerns popporet brought up.

On a different note, i wouldn't pick PHP as your scripting language, it's a web development language. JavaScript is as well, however, NodeJS and it's various implementations such as Electron and/or React to name a few make it fairly robust and give it the ability to be used to develop all sorts of things. You can for instance write a Terminal Emulator with Node and Electron. It's just very resource intensive to run such implementations.

That said, personally i enjoy writing Node and even use it for prototyping on occasion.

What about Python?

Wouldn't it be good to know enough PHP and JS to find flaws in websites that are built in those at least?
Reply
#16
Don't misinterpret my reply.

I never tried to discourage Python in any way really, I simply made the claim that I personally wouldn't use it as a 'final solution' for everything I was making because it lacks inherent robustness and provability in terms of operability. But if you want to write something just to mess around and prove that something is possible, then Python will usually be the way to go for that (even for a surprising amount of lower-level work like userland shellcoding.)

Python is a good language and definitely has its use-cases, but my point is that it still falls short in the same ways that other scripting languages or other more immature projects (see: Go) also fall short of. But, in my specific comparison to Javascript, Python does some degree of strong-typing so it also does some things much better and can result in more consistent behaviour, so it does have its pros as well as its cons.



I wouldn't limit yourself to your list of
1. systems
2. scripting
3. JS or ASM

Specifically the last one. Yes, first two are gonna give you enough foundation to tackle most fields of development, but I'd leave your third one open for whatever you're working on specifically. JS and ASM are vastly different and there are more fields than just reverse-engineering/binary-exploitation and web pentesting. They are definitely helpful, but a lot of malware authors opt for C# or (ab)using the .NEt framework for writing Windows malware in particular. With the advent of Mono and running .NET on various computing platforms, we might start to see more .NET cross-platform malware (although I personally haven't had any remote consistency making Linux builds of .NET applications without porting a metric fuckload of code myself.)

Or if you decide to just learn security but go into more development/soft-eng oriented fields, Java might be up your alley. There's a reason it's used in enterprise settings, and knowing its libraries inside-out would help you pentest enterprise applications to get you big bucks doing contract work for large-scale businesses.

I've also been using some Rust recently, even though it's still pretty immature, but I've seen tests where it actually compiles to code faster than C. LLVM has come quite a long way and the use of safe/unsafe code in Rust definitely makes life a lot easier than having to deal with endless pointers for every piece of data like OpenGL + C++.

It really depends on what you care about enough to learn and where you want to go. Don't limit yourself to specific languages that you want to learn if you're not immediately learning right at this moment. Decide later on, but consider these replies more like guidelines and do your own research to verify any claims made by anyone here, including my own.



(08-11-2020, 11:41 PM)Insider Wrote: I've decided to take my programming learning more seriously lately though. Been checking some of Berkleys old lectures on youtube and following it with my SICP book. Learning a bit of scheme/functional programmign for starters. But I will follow it up with C later.

Yeah, don't bother with SICP tbh unless you're planning on going into software engineering. Functional programming might seem pure and clean when you read it, but lots of solutions can be much worse for performance than typical pragmatic/procedural solutions, like the 'certain recursive number sequence program that starts with "fib" that all first year computer science students learn'. There are some cases where functional solutions are better for performance like lambdas and lazy evaluation, but it still boils down to implementation at the end of the day.

Just learn C. IDK why everyone always puts it off, I know people that have it on their list for years and never got around to even touching it. It's by no means a difficult language to learn lmao. Python has like 5x more keywords than C AFAICT.
Reply
#17
(08-14-2020, 07:47 AM)poppopret Wrote: Don't misinterpret my reply.

I never tried to discourage Python in any way really, I simply made the claim that I personally wouldn't use it as a 'final solution' for everything I was making because it lacks inherent robustness and provability in terms of operability. But if you want to write something just to mess around and prove that something is possible, then Python will usually be the way to go for that (even for a surprising amount of lower-level work like userland shellcoding.)

Python is a good language and definitely has its use-cases, but my point is that it still falls short in the same ways that other scripting languages or other more immature projects (see: Go) also fall short of. But, in my specific comparison to Javascript, Python does some degree of strong-typing so it also does some things much better and can result in more consistent behaviour, so it does have its pros as well as its cons.



I wouldn't limit yourself to your list of
1. systems
2. scripting
3. JS or ASM

Specifically the last one. Yes, first two are gonna give you enough foundation to tackle most fields of development, but I'd leave your third one open for whatever you're working on specifically. JS and ASM are vastly different and there are more fields than just reverse-engineering/binary-exploitation and web pentesting. They are definitely helpful, but a lot of malware authors opt for C# or (ab)using the .NEt framework for writing Windows malware in particular. With the advent of Mono and running .NET on various computing platforms, we might start to see more .NET cross-platform malware (although I personally haven't had any remote consistency making Linux builds of .NET applications without porting a metric fuckload of code myself.)

Or if you decide to just learn security but go into more development/soft-eng oriented fields, Java might be up your alley. There's a reason it's used in enterprise settings, and knowing its libraries inside-out would help you pentest enterprise applications to get you big bucks doing contract work for large-scale businesses.

I've also been using some Rust recently, even though it's still pretty immature, but I've seen tests where it actually compiles to code faster than C. LLVM has come quite a long way and the use of safe/unsafe code in Rust definitely makes life a lot easier than having to deal with endless pointers for every piece of data like OpenGL + C++.

It really depends on what you care about enough to learn and where you want to go. Don't limit yourself to specific languages that you want to learn if you're not immediately learning right at this moment. Decide later on, but consider these replies more like guidelines and do your own research to verify any claims made by anyone here, including my own.



(08-11-2020, 11:41 PM)Insider Wrote: I've decided to take my programming learning more seriously lately though. Been checking some of Berkleys old lectures on youtube and following it with my SICP book. Learning a bit of scheme/functional programmign for starters. But I will follow it up with C later.

Yeah, don't bother with SICP tbh unless you're planning on going into software engineering. Functional programming might seem pure and clean when you read it, but lots of solutions can be much worse for performance than typical pragmatic/procedural solutions, like the 'certain recursive number sequence program that starts with "fib" that all first year computer science students learn'. There are some cases where functional solutions are better for performance like lambdas and lazy evaluation, but it still boils down to implementation at the end of the day.

Just learn C. IDK why everyone always puts it off, I know people that have it on their list for years and never got around to even touching it. It's by no means a difficult language to learn lmao. Python has like 5x more keywords than C AFAICT.

Which is better to start with for web hacking, and social engineering, and also OSINT:

Python or C? Let's just say you had to pick one.
Reply
#18
I'm too biased towards C and more or less everyone here is too biased towards Python to give you a good answer. You need to find this answer yourself.

But C wasn't made for web development or anything to do with high-level application, only made as an abstraction layer from straight assembly. So Python would be better for web-related work.

Social Engineering has absolutely nothing (I mean a literal zero percent) to do with programming, so that's kind of a stupid question.

OSINT is the same as the above, although using web services you could possibly write an application that automates retrieval of data from various other APIs. So do the math there.
Reply
#19
(08-15-2020, 03:04 AM)poppopret Wrote: I'm too biased towards C and more or less everyone here is too biased towards Python to give you a good answer. You need to find this answer yourself.

But C wasn't made for web development or anything to do with high-level application, only made as an abstraction layer from straight assembly. So Python would be better for web-related work.

Social Engineering has absolutely nothing (I mean a literal zero percent) to do with programming, so that's kind of a stupid question.

OSINT is the same as the above, although using web services you could possibly write an application that automates retrieval of data from various other APIs. So do the math there.

So based on what your saying I am gonna do python to be good at web because if it’s better for web related work then that amswrrs my personal question.
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  programming books thunder 0 2,101 04-25-2019, 11:28 PM
Last Post: thunder
  Which programming language is good for my need Maxpatricos 2 4,957 09-25-2018, 03:09 PM
Last Post: enmafia2
  Programming from the Ground Up Insider 2 6,662 07-29-2018, 02:44 PM
Last Post: Insider
  is this a realistic and/or good plan to learn programming? QMark 2 6,988 02-27-2018, 11:16 PM
Last Post: ekultek