Close Menu
TechCentralTechCentral

    Subscribe to the newsletter

    Get the best South African technology news and analysis delivered to your e-mail inbox every morning.

    Facebook X (Twitter) YouTube LinkedIn
    WhatsApp Facebook X (Twitter) LinkedIn YouTube
    TechCentralTechCentral
    • News
      More bad news for memory prices - SK Hynix CEO Kwak Noh-jung

      More bad news for memory prices

      13 July 2026
      China nets a falling rocket in reusability race with SpaceX

      China nets a falling rocket in reusability race with SpaceX

      10 July 2026
      Battlefield tech could save lives on South Africa's roads - Dithoto Modungwa

      Battlefield tech could save lives on South Africa’s roads

      10 July 2026
      Customers prefer ChatGPT to your company's AI chatbot

      Customers prefer ChatGPT to your company’s AI chatbot

      10 July 2026
      South Africans warm to AI doing their shopping: DHL

      South Africans warm to AI doing their shopping: DHL

      10 July 2026
    • World
      Swingeing jobs cuts at Microsoft's Xbox unit

      Swingeing jobs cuts at Microsoft’s Xbox unit

      6 July 2026

      SK Hynix ends Samsung’s 26-year reign at the top

      22 June 2026
      Google on the hook for what its AI tells users, court rules

      Google on the hook for what its AI tells users, court rules

      15 June 2026
      How Russians juggle VPNs to outwit the Kremlin

      How Russians juggle VPNs to outwit the Kremlin

      15 June 2026
      Amazon CEO flagged Anthropic AI risks to Washington - Andy Jassy

      Amazon CEO flagged Anthropic AI risks to Washington

      14 June 2026
    • In-depth
      AI boom sparks rally, frenzy and fear

      AI boom sparks rally, frenzy and fear

      11 June 2026
      Every plug-in hybrid on sale in South Africa, ranked by price - Lamborghini Temerario

      Every plug-in hybrid on sale in South Africa, ranked by price

      7 June 2026
      What Wi-Fi 8 will mean for wireless networks

      What Wi-Fi 8 will mean for wireless networks

      1 June 2026
      Alfa's electric rebel - Alfa Romeo Junior Elettrica Veloce

      Alfa’s electric rebel

      29 April 2026
      Africa switches on as Europe dims the lights

      Africa switches on as Europe dims the lights

      9 April 2026
    • TCS
      Watts & Wheels S1E7: 'Ferrari's EV breaks the internet'

      Watts & Wheels S1E7: ‘Ferrari’s EV breaks the internet’

      8 July 2026
      TCS+ | How Tracker is turning vehicle data into business strategy - Silvia Schollenberger

      TCS+ | How Tracker is turning vehicle data into business strategy

      1 July 2026
      TCS+ | IBM Bob: an AI-powered 'development partner' for the enterprise - David Spurway

      TCS+ | IBM Bob: an AI-powered development partner for the enterprise

      30 June 2026
      Watts & Wheels S1E6: 'A flawless Alfa and a bakkie that divides'

      Watts & Wheels S1E6: ‘A flawless Alfa and a bakkie that divides’

      17 June 2026
      Watts & Wheels S1E6: 'A flawless Alfa and a bakkie that divides'

      Watts & Wheels S1E5: ‘A Bentley of the bush and a car that swims’

      8 June 2026
    • Opinion
      The author, Fanie van Rooyen

      South Africa can still catch the AI wave – here’s how

      7 July 2026
      The author, Fanie van Rooyen

      The AI utopia South Africa can’t afford

      1 July 2026
      The author, Jannie van Zyl

      South Africa’s broadband future is being decided in orbit, not in Pretoria

      30 June 2026
      The author, Pambos Soteriades

      The pivot South Africa’s MVNOs cannot afford to miss

      23 June 2026
      Brazil's online gambling crackdown is a lesson for South Africa

      Brazil’s online gambling crackdown is a lesson for South Africa

      22 June 2026
    • Company Hubs
      • 1Stream
      • Africa Data Centres
      • AfriGIS
      • Altron Digital Business
      • Altron Document Solutions
      • Altron Group
      • Arctic Wolf
      • Ascent Technology
      • AvertITD
      • BBD
      • Braintree
      • CallMiner
      • CambriLearn
      • CM Telecom
      • Contactable
      • CYBER1 Solutions
      • Digicloud Africa
      • Digimune
      • Domains.co.za
      • ESET
      • Euphoria Telecom
      • HOSTAFRICA
      • Incredible Business
      • iONLINE
      • IQbusiness
      • Iris Network Systems
      • Kaspersky
      • LSD Open
      • Mitel
      • NEC XON
      • Netstar
      • Network Platforms
      • Next DLP
      • Ovations
      • Paracon
      • Paratus
      • Q-KON
      • SevenC
      • SkyWire
      • Solid8 Technologies
      • Telit Cinterion
      • Telviva
      • Tenable
      • Vertiv
      • Videri Digital
      • Vodacom Business
      • Wipro
      • Workday
      • XLink
    • Sections
      • AI and machine learning
      • Banking
      • Broadcasting and Media
      • Cloud services
      • Contact centres and CX
      • Cryptocurrencies
      • Education and skills
      • Electronics and hardware
      • Energy and sustainability
      • Enterprise software
      • Financial services
      • HealthTech
      • Information security
      • Internet and connectivity
      • Internet of Things
      • Investment
      • IT services
      • Lifestyle
      • Policy and regulation
      • Public sector
      • Retail and e-commerce
      • Satellite communications
      • Science
      • SMEs and start-ups
      • Social media
      • Talent and leadership
      • Telecoms
      • Watts & Wheels
    • Events
    • Advertise
    TechCentralTechCentral
    Home » Editor's pick » The n00b’s guide to l33t hacking

    The n00b’s guide to l33t hacking

    By The Conversation11 March 2015
    Twitter LinkedIn Facebook WhatsApp Email Telegram Copy Link
    News Alerts
    WhatsApp

    hacker-640

    Hacking is a state of mind. Traditionally, hackers like to discover, understand and share the secrets they expose. They like to laugh at the dumb things they find. They’re not necessarily in it for the money, more so for the glory of mastering the arcane technicalities of computing. Hackers form a community where the most “l33t” (pronounced “leet”, short for “elite”) hackers gain the most respect.

    But these days any “n00b” (short for “newbie”) can download software tools that take the hard work out of hacking. These tools are often written by malicious hackers, professional security testers or enthusiasts to increase productivity. For example, it’s hard work typing in 3m IP addresses. Much easier to write a program that does it for you.

    Add some features, such as automatic port scanning, banner grabbing and footprinting, and share it with fellow hackers and your “cred” (credibility) goes up. If it’s a really good tool, then you can sell the rights to a commercial cybersecurity company and retire (or work as a consultant). It’s a career path.

    Here are some of the easiest and most potent tools being used by hackers, l33t and n00b for both good and ill.

    NMAP
    Port scanning is a process of finding all of the computers on a network, and finding out all about them. It is a precursor to a malicious hacker (or a penetration tester) launching an attack. It’s like a lion finding the slowest gazelle in the herd. Find all of the gazelles, test their weaknesses, pick the slowest.

    Fydor wrote the NMAP port scanner in 1997 and has been adding functionality ever since. NMAP finds responding computers (by scanning IP addresses), finds services running on them (by scanning ports) and identifies operating systems.

    It runs from the command line. Something as simple as “nmap 192.168.1.0/24” will scan your local network and find your router, PC, game console and phone (if they are connected) and tell you all about them.

    There is a GUI version called Zenmap if you don’t like typing. It also has visualisation tools which display the network.

    NMAP is an essential tool for network maintenance, and I use it all the time when setting up computers, to diagnose networking problems and to find out just what my DHCP server has been doing.

    SQLMap
    Daniele Bellucci and Bernardo Damele AG wrote SQLMap in 2006, using the Python programming language. This tool takes all of the hard work out of SQL injection attacks.

    SQL injection normally requires considerable knowledge of how websites and programs like MySQL store and retrieve information from databases. SQLMap systematically scans for errors while injecting portions of SQL scripts into the target website.

    It collates the results and by brute force (trial and error) and finds the names of the databases, tables and fields in the tables and even the passwords stored in the database.

    The user has to run the program from a command line (by running a Python script) and has to progressively enter longer, and more specific, commands to get the entire contents of the database, but there are handy YouTube videos which illustrate the process.

    SQLMap really lowered the bar for random hacker groups, hacktivists, cyberpunks and LulzSec. It has arguably facilitated massive disclosures of private information, including names, addresses, credit card numbers and medical records. Everybody with a website should run this on their own Web applications before they go live on the Internet.

    PUNKSpider
    A small group of hackers started Hyperion Gray in 2013, demonstrating PunkSPIDER, a Web application (a website) vulnerability search tool and scanner, which allows the user to check for common vulnerabilities without having to conduct noisy and potentially illegal port-scans on a target.

    PunkSPIDER does not attack or exploit websites, but it does make it easy for website owners to test their sites for many of the most obvious vulnerabilities. Unlike port-scanners, scans are launched from the punkSPIDER servers, so it’s less likely to get you into trouble.

    Wikto
    This tool will get you into trouble. Wikto is an enhanced Windows version of Nikto — a Web application (a website) vulnerability scanner which blasts HTTP requests at a target website relentlessly.

    It is a brute-force tool that tries to access admin pages, configuration scripts, misconfigured password files (281 000 of them) just in case they are present. After that it tests for 3 000 known website vulnerabilities, followed by 1 500 GoogleHacks, which lists website vulnerabilities identifiable by Google search strings.

    This tool will produce so much traffic and log entries — at the victim’s server, your Internet service provider and national security agencies — that everybody will know what you are up to. Wikto is a great tool for automatically checking for vulnerabilities on a complex website, particularly if you don’t know its history and you need to maintain it

    LOIC
    No discussion of entry-level script-kiddie tools would be complete without the Low Orbit Ion Cannon, a “stress testing” (denial of service, or DOS) tool.

    Many versions exist, written in C#, Java, JavaScript, and all should be identified by your antivirus software as malware.

    LOIC blasts a website with traffic, overwhelming it and making it unavailable to legitimate users (hence the “denial of service”). Some versions allow thousands of users to simultaneously attack a single target, where the target is chosen by just one of them. Just type in the domain name or IP address, and click on “IMMA CHARGIN MA LAZER”).

    LOIC and its variants (LOWC, HOIC) have been used by hacktivist members of Anonymous and 4Chan to attack (or as they might say, “exercise civil disobedience” against) businesses and governments in response to unpopular decisions, policies, laws or actions. Like any DOS tool, LOIC can have legitimate uses. Stress testing tools allow a website developer to verify that their site can handle real-world traffic.

    Don’t try this at home
    A word of warning: these tools (with the possible exception of PUNKSpider) should not be used on the Internet.

    There are criminal laws about using these improperly. They should not be used to scan/profile/attack (“test”) websites or networks that you do not own or have no legal authority to “test”.

    However, they are great fun to play with and great for testing your own locally hosted or pretend websites. Just turn off your Internet connection (your router or Wi-Fi) before unleashing them – just to be sure.The Conversation

    • James H Hamlyn-Harris is senior lecturer in computer science and software engineering at the Swinburne University of Technology
    • This article was originally published on The Conversation
    Follow TechCentral on Google News Add TechCentral as your preferred source on Google


    James H Hamlyn-Harris
    WhatsApp YouTube
    Share. Facebook Twitter LinkedIn WhatsApp Telegram Email Copy Link
    Previous ArticleStandard Bank warns of downtime
    Next Article Spies set to succeed Fourie at Pinnacle
    Company News
    Rain supercharges 5G with Huawei

    Rain supercharges 5G with Huawei

    10 July 2026
    Africa's data centres: AI, edge computing and new energy demands - Vertiv OADC Open Access Data Centres

    Africa’s data centres: AI, edge computing and new energy demands

    9 July 2026
    The best way to automate customer engagement using AI and WhatsApp - CM.com

    The best way to automate customer engagement using AI and WhatsApp

    9 July 2026
    Opinion
    The author, Fanie van Rooyen

    South Africa can still catch the AI wave – here’s how

    7 July 2026
    The author, Fanie van Rooyen

    The AI utopia South Africa can’t afford

    1 July 2026
    The author, Jannie van Zyl

    South Africa’s broadband future is being decided in orbit, not in Pretoria

    30 June 2026

    Subscribe to Updates

    Get the best South African technology news and analysis delivered to your e-mail inbox every morning.

    Latest Posts
    More bad news for memory prices - SK Hynix CEO Kwak Noh-jung

    More bad news for memory prices

    13 July 2026
    China nets a falling rocket in reusability race with SpaceX

    China nets a falling rocket in reusability race with SpaceX

    10 July 2026
    Battlefield tech could save lives on South Africa's roads - Dithoto Modungwa

    Battlefield tech could save lives on South Africa’s roads

    10 July 2026
    Customers prefer ChatGPT to your company's AI chatbot

    Customers prefer ChatGPT to your company’s AI chatbot

    10 July 2026
    © 2009 - 2026 NewsCentral Media
    Built and maintained by Chronon
    • Cookie policy (ZA)
    • TechCentral – privacy and Popia

    Type above and press Enter to search. Press Esc to cancel.

    Manage consent

    TechCentral uses cookies to enhance its offerings. Consenting to these technologies allows us to serve you better. Not consenting or withdrawing consent may adversely affect certain features and functions of the website.

    Functional Always active
    The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
    Preferences
    The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
    Statistics
    The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
    Marketing
    The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
    • Manage options
    • Manage services
    • Manage {vendor_count} vendors
    • Read more about these purposes
    View preferences
    • {title}
    • {title}
    • {title}