Hacker, Researcher and Author.

Can I Become A Good Hacker Without A Prior Knowledge Of Programming??

"Can I become a good hacker without knowning Programming?", "Is Programming necessary for learning how to hack", I usually get these question asked almost daily, There have been lots of debates on this topic, Some think that it's necessary while others think that it's not necessary at all, So I thought to write a post on this topic explaining my views if programming is necessary for becoming a hacker or not.

The answer is that it depends:

Why it's not necessary?

In early 90's the best hackers were known as those who were best at the knowledge of programming and the reason for that was probably that almost every thing was based on a command line so it was for sure that if some one is a good hacker he is surely a good programmer.

However the definition of hackers sort of changed after the beginning of 21'ST century, One could become a fairly good hacker without any knowledge of programming, This reason for that is because now a days there are lots of ready made tools which helps you to compromise a machine without any knowledge of Programming, Take an example of "Havij", Havij is a small software which helps you automate the process of SQL Injection and helps you extract sensitive database information in seconds where it may take hours in some cases to extract it, If you still don't agree with me try answering the following question:

Does it matter if an elite hacker writes a buffer overflow or a script kiddy runs a tool if the target system gets compromised anyway?

Where It's Necessary?

It's true that many good hackers are technology buffs and are curious about how things work, this is where you need to have prior knowledge of Programming in order to know how things work.

Another reason is why you should probably learn Programming is that you can write your own exploit (An exploit is a peice of code which can be used to gain access to the target machine using a specific vulnerability), which is the single most important thing which will separate you from rest of the script kiddies out there and most of the times some of the exploit codes comes with several code mistakes which are kept by Elite hackers themselves to prevent script kiddies or people with very little knowledge of hacking to run it.

In Short:

You can become a fairly good hacker without having a prior knowledge of programming but if you want take your hacking skills to the next level I will recommend you to learn Programming now the question which might arise in your mind is that what Programming languages should I learn?, I will cover it in my upcoming posts.

Feel free to express your views on the topic, Whether you agree with me or not?


  1. Yes, Raffay I agree with you programming language is necessary to learn and also in which languages do you master? Well i am learning c++ at present and i,ll also appreciate some good ebooks for it, If you have any then do share.

  2. whether c++ would do، then vb then pythoon etc.... According to me it would me more easy for anyone to learn hacking after a good knowledge of programming,,,,,,,......

  3. Hmmm......waiting for your next article

  4. Do you know any programming language??...

  5. Script kiddy runs some program and compromised it but the point still same, how a script kiddy cover their path, they can easily be traced because of no knowledge of all the network structure and computing. So in my views everything has its own importance, you need to learn all the things about computing to become a expert.

  6. @Wamiq Ali
    Wamiq I will share all those stuff in my next post.

  7. I really like ur articles,god bless u with more knowledge...

    But i think to become a hacker he must know the below mention art

    firewall works
    and most imp he must know about database architecture
    c programming is enough i think

  8. @Anonymous 4
    I am not a master Programmer, but I know a bit of C/C++, Assembly Language, SQL etc.

  9. @Ethical
    As you mentioned that script kiddiy may run some program to compromise a machine, but can't they run any tool to hide their identity?

  10. The programming languages like C,C++,Python,Java etc. and other web designing languages are not difficult to learn.Any body will learn these languages in months. The only need is to create interest about these languages and of course practice makes a man perfect

  11. I only known simple algorithm designs , will be learning programming in my next semester, wish to have a prior knowledge by then, if you can help with some ebooks and programming codes. will be much appreciated.

  12. @Ethical, i am a Script Kiddie and i know how to be anon on Internet... Today IP hiding softwares and VPN are common and even a kid that use internet knows about them.... Learning programming is not nessasary in early stage... On my daily basis i use Diffrent kind of Softwares but before using them I always active my Firewall to see what changes they are making in my system... Where are they connecting to internet... Are they Transferring my data or not? even if they are FUD i can still track that what are they doing...
    in other words... If you are afraid of mistakes means you can't learn anything

  13. @Dear
    Every language has it's own importance in the field of hacking, I will covering it more in my next article

  14. @Eliaster
    I wish you best of the luck brother and yes I will be posting links to some Programming E-books.

    I agree.

  15. @Ethical Hacking Covering a path is also matters but i think today scipt kiddy can also do that well :P Without having an advanced programming knowledge, But yes this must be accepted that a script kiddie can not make his own exploit for an advanced web application, but he can use already made elite hacker's script and also some time he is capable of modifying it. Rafay is also Correct regarding his point.

  16. rafay baloch cntact me if u have a ime i have a par time job for u rs.30000 per month if u want then cnact me i have a projec for u.


  17. Haha... Rafay, I know that you cant code and yet you have delusions that you are a 'hacker' let alone a good one. Any fool can click a button to launch an exploit. What matters is whether you can discover a yet undiscovered vulnerability in a system. Even becoming anon in the internet is no big deal. Yes, the average user cant do that. But even a 12 yr old kid with a month or two of computer usage can do that.

    Hacking is not and never was about bringing down a system. It was always about building one. Obviously you have not read or do not want to acknowledge the existing literature on hacking because if you did you would have to come out of your delusions.

    Show me one hacker who was/is not a awesome programmer (no you and Fadia and others like yourself do not count). The very good hackers (like Linus, RMS, Bill Joy, Cox) spent thousands of hours programming, fine tuning their craft. And you see yourself in that league? Haha..

    Dude, I can understand that you have decent computer skills and as a kid your parents and friends thought you were awesome. That level of skill is impressive if you are 10 yr old. But not when you are 20+.

    Oh yes, I know you cant dare publish this. But I don't care.

  18. @Dear : Who told you C,C++, Python and Java are web designing languages. And no, it does not take months, it takes a few hours to learn how to use these. But it would take 3 yrs at the least to learn where to not use these. Learning 10 different languages is no big deal. Learning one well is enough. Learning algos (and formulating your own) and data structures is what makes one a programmer.

    I recommend you read http://norvig.com/21-days.html This is a blog by Peter Norvig, currently the Director of Research at Google.

  19. @Sandip Dev
    If you had read the post carefully then you would have probably not commenting, Didn't I mention that to be an Elite hacker you need to have prior knowledge of Programming, It seems from your comment that you feel that a hacker is some one who just knows to code, If this is the case hacking is lot of massive domain, Apart from Programming you must know about Networking, How can you attack a network if you don't know how it is constructed, If you don't know where is the router?, If you don't know about protocols, Hacking is not only about creating exploits and using them, There are tons and tons of phases, Let's talk about major Hacking and Security related certifications like CISSP, CEH, SANS etc, Is the knowledge of programming required to pass these?.

    Does it matter that if an Elite hacker writes a buffer overflow exploit and a script kiddie uses it to compromise a system?, The bottom line here is that the target gets compromised any way.

    Seems like you lots of knowledge related to programming, Tell me how many Zero Days and exploits have you written?

    I never said that I am the best nor I said that I am a pro hacker, I have been learning slowly and have been enjoying every bit of it.

    Let the readers decide now!

    Note - Anonymous comments will be rejected.

  20. @Rafay: I never said knowledge of networking is not required.But even to exploit yet undiscovered vulnerabilities in a network(or a network service) one will still need to write code, and pretty complex one at that.

    As for those certifications, personally (my opinion and you are free to disagree) i dont really care about those. I have seen MCSD's who dont know how to install linux and Java certified guys who dont understand RMI. As for CEH (its Fadia's certification right?), its outright fraud. CISCO certifications are good if one is looking to be a network administrator but it has nothing to do with hacking. I dont remember any hacker/cracker who did Cisco certification. Some of my friends have Cisco certifications and they are now working at Cisco as specialist in setting up and diagnosing networks. I have heard SANS is good but I dont know anything personally, so I wont be able to comment. Other than CEH, CIsco and SANS are industry recognised and will give you a decent job as a network admin.

    AS for my knowledge, my interest laid in mobile and embedded tech and high performance computing. I dont claim to know much about computer security and I certainly dont have any zero day exploits to my name. But then I am not going around creating a blog on hacking (plagiarizing articles) and creating my own FB page ;-)

    Of course if u are interested in a few of the stuff I have done you could check http://blogs.oracle.com/sandip/entry/finally_its_done_cube3_div
    and also http://blogs.oracle.com/pmonday/entry/tweeting_your_sun_storage_7000 (nothing big but was fun)

  21. @Sandip
    First of all I would like to correct you that CEH is not Fadia's certification, The course of fadia is known as AFCEH, Personally I have gone through the whole course and I don't think worth the money, He may not be a noob but he is certainly not a master hacker as he calls linux as a crap for hackers and I don't want to discuss on him any more, Eccouncil's CEH is one of the best hacking certifications out there and they also recommend usage of automatic tools, My point here is that even the biggest certification related to Ethical hacking and Pentesting recommend the usage of automatic tools.

    As for Plagiarism I don't copy articles, I try to put my effort in creating the best possible content so even a noob can understand it. As for my personal page there is nothing wrong if I am doing marketing for my blogs and my books.

    and also http://blogs.oracle.com/pmonday/entry/tweeting_your_sun_storage_7000

    I appreciate your knowledge related to your subject, but my question was for some zero day exploits which you have answered.

  22. @Sandip Dev, let us understanding each other, Rafay never made claim that script kiddie were better and i've read the article (http://norvig.com/21-days.html). You see, its not everybody that has the time/committment to understanding the rudiments of hacking and as you've both said hacking is a broad subject, it's intricacy is broad, some people just want to get certain task done while other want to understand the in-depth concept of how certain task is being done. Its just a matter of choice and area of interest, and what Rafay was just doing was clarification.

  23. @Sandip Dev,

    rafay is goes without saying. he is doing a great job as he share all his knowledge and experience to his users in easiest way without any cost and condition.

  24. @egyhacks And @Ifeanyi

    Thanks for your precious comments.

  25. @Sandip Dev

    let me first define hacking
    according to me hacking means breaking some ones computer ("like breaking in and getting a shell to connect back to do mischief work "
    it doest mean that u have to use ur own exploits .if thats the case u would have hardly seen any exploits on the internet ........,nobody would have shared there codes , exploits
    ................ tools , .... metasploit ....and even windows os ...linux .........

    ...if u continue to post these kind of comments ,then u have no right to use some ones tool like namp ,.............or even ur windows os which ur using

    finally from the way u comment i see u are selfish ,and u envy on others success .........

    please change this kind of attitude ...............or just shut up ...........

  26. Damn, Sandip you are extremely selfish...

  27. Pretty nice thread as well as nice discussion is going on well first of all i totally agree that without proper programming whether in C,C++,java or Assembly(low level)can't call your self exploitation expert because you wont be able to make you own cryptor so whats the point of talking about remote access if you cant make something undetectable and CEH(certified Ethical Hacker) by EC council is the best step by step approach to understand, train and use different tools for EH those who deny this fact i bet they have not gone through CEH v6 and guy who was talking about linux is tool let me remind that top hackers of world are mostly from linux developer as well as GNU AUTHOR care to search about these :)

  28. @Zohaib
    First of all let me tell you one thing that CEH, SANS, CISSP etc are recognized world wide as one of the best certifications out there for Ethical Hacking And Security care to search about these, Talking specifically about CEH, Yeah I do believe that it's not good as SANS and others but CEH will only take you to the intermediate level(If done Properly) there is a more advanced cerfiication ECSA which you are only eligible after passing the CEH exam, it talks related to more advanced Hacking techniques(Care to search about those too).

    The point I was trying to make all of you clear that even those world renowned ceritifications recommend the usage of automated tools.

    Your statment:
    "i totally agree that without proper programming whether in C,C++,java or Assembly(low level)can't call your self exploitation expert because you wont be able to make you own cryptor so whats the point of talking about remote access if you cant make something undetectable"

    I never neglected the fact that these Programming is not necessary, but do you honestly think that only "Exploit creation" is hacking, Let me remind you one thing that Hacking is alot wider domain than you probably think.

    Kindly answer me a simple questions - "Would you prefer to code your own crypter trying to bypass antivirus signatures and working hours and hours on it to make it FUD or would you just pay 20$ to get it from a Russian forum"

    There is alot to say, but it's enough I believe to make the readers decide themselves, I regret If I offend you in any way.

  29. @Rafay, your statement,

    {Would you prefer to code your own crypter trying to bypass antivirus signatures and working hours and hours on it to make it FUD or would you just pay 20$ to get it from a Russian forum}

    will you call that a fairly good hacker also? because according to your post you said "You can become a fairly good hacker without having a prior knowledge of programming"

    To me i don't believe the definition of hacker has changed, someone who has the skill to modify source code, identify bug and do some crazy stuff with piece of code. Its people that don't understand what hacking means that changed the definition. real hackers knows themselves.

  30. @Ifeanyi

    Well answer me a simple questions:
    Does it matter that if an Elite hacker writes a buffer overflow exploit and a script kiddie uses it to compromise a system?

  31. I definately agree with Rafay on this issue regarding programming.

    I personally feel that having programming knowledge will help you in developing tools by yourself at a certain conditions. Sometimes traditional tools are unable to compromise system due to advanced security mesures. At this point you need coding skiils to create situation based small program toold to complete your task.

    Without programming if you still want to survive then you should be damn good network geek. Even then programming knowledge would give you an edge over others.

  32. @hack101 & @Erick : Well I like to call a spade a spade.If that makes you think I am selfish then so be it. We are entitled to our opinions. Though in this case, mine is correct. Selfish, I am not. But smug and arrogant, hell yes.

    @hack101:Your definition of hacker is wrong. The entire hacking community disagrees with you. If you have the time and inclination, do read "The New Hacker Dictionary by Eric S Raymond" where you will find the definition of 'a hacker'. Of course, you can still insist that you want to stick to your own definition (that comfortably suits your pedestrian programming skills) but between you and Eric Raymond, I would rather agree with him.

    PS: If you dont know who Eric Raymond is then you can google up.

  33. @Sandip Dev
    Ok sandeep let's assume that you are right with your point(Though you are not =P), what can you hack?

    Pointing fingers on some one and calling some one noob really easy, Let's see what can you do?

  34. Rafay I agree wid you, try to ignore these type of persons, they couldn't acheive any thing in this world so they try to take down others in other words they are extremly selfish, I wish you good luck and can you kindly post an article on "Tabnabbing".

  35. @Rob: " they couldn't acheive any thing in this world so they try to take down others in other words they are extremly selfish,"

    May be if you would check my CV(available on my blog) you might revise your views. Also I am not sure how starting a blog is an achievement in itself. May be it is for some people.

    @Rafay: "What can you hack?" Well if you understood what 'hacking' is you wouldnt ask this question. i am good at a few things, like Linux, OPenSolaris, java (had identified 2 minor bugs in the sun vm). These days I m playing with android.

  36. @Rob
    Thanks for your precious words, I will make a post on tabnabbing pretty soon.

    @Sandip Dev

    Actually the way you are commenting looks like you think yourself as some one like Kevin Mitnick or Eric Raymond, Knowing linux, OpenSolaris, Java does not mean that you know hacking, I doubt if you really know how to use kernel exploits :).

  37. I agree Rafay. Hacking isn't what it used to be back in the beginning. Today, there are thousands of programs available to automate every single attack and technique you can think of. Believe it or not, there are even programs that pretty much do all the hard work in finding exploits and putting together exploit code. All without having to program a single thing.

    You can do full and thorough penetration tests without ever having to put together any code. To tell you the truth, you most likely won't ever have to write any code for any pen tests that you do.

    It's true though, programming will make you a much better hacker, and help you gain a better understanding of how most of these attacks work. Also, you may have to put together custom scripts for unique environments that will help you automate things better and just save you time in general.

  38. @Rafay: Dude, your and mine definitions of hacking are very different. For you, its using some point and click tools to (try to) gain access to a system. For me, it was and will always be about solving bugs, writing some nifty code that helps someone, in short for me its about creating while for you its about trying to destroy.

    I do not think of myself as either Mitnick or Raymond (by the way taking Mitnick's name in the same breath as Raymond is a huge insult to the latter and almost every other hacker). That being said, I have a better understanding of the subject (considering that I have a degree in CS) than anyone (tall claim yes) who visits your blog. So I guess I have some authority to comment.

    As for running Kernel exploits, Metasploit lets you do that with just a few clicks. Nothing rocket science in that. The credit goes to the guy who discovered the exploit and not to some script kiddie who ran it. Incidentally, I compiled a Linux kernel when I was 12(2.2 kernel did not support graphics on my i810 board, so had to compile 2.4). I was and still am more interested in linux programming like writing my own scheduler instead of using the Linux scheduler etc.

    For me, a hacker is a very good programmer (and not someone who knows a lot of languages. Anyone can learn a language in less than 2 days). People who use point and click penetration testing software are not hackers. Almost every Indian IT company has penetration testing services where people use these kind of tools for risk and compliance assessment and they dont call themselves hackers.

    I would say that u know more about computing than guys your age and your interest is commendable. You could really become a hacker someday.

  39. @Sandip Dev

    For you hacking=Programming, but As you said "We are entitled to our opinions", So if you would take my opinion I would disagree with you, I do agree with you that metasploit allows you to do it with few, but before that you really need to discover the vulnerability in a target machine that's the hard part, Even automated scanners generate false positives.

    As you said above in comment# 19 "Learning 10 different languages is no big deal. Learning one well is enough", and now you are saying "For me, a hacker is a very good programmer (and not someone who knows a lot of languages. Anyone can learn a language in less than 2 days)"

    "People who use point and click penetration testing software are not hackers. Almost every Indian IT company has penetration testing services where people use these kind of tools for risk and compliance assessment and they dont call themselves hackers"

    I believe that the entire the hackers community will disagree with you even your ideal "Eric Raymond" too.

    You are violating your first statement.

  40. There is more to programming than just learning languages and using point and click penetration testing software. Its what u can do with that language matters. You can read Peter Norvig's article to understand what I mean.Good programmers are good algorists.

    While I would agree that detecting vulnerabilities is not very easy, but most near zero day exploits will work because most sysadmins i have seen are lethargic in running updates. My own univ (where i did engineering) ran very old versions of the mail,web and proxy servers and their systems had been cracked quite a few times. The security was utterly and completely lax.

  41. @Sandip Dev
    One thing I want to make you clear that Zero day exploits will even work if your system is fully updated, else it would not have been called a ZERO DAY exploit, I truly agree with the fact that lots of universities and institutes run older versions of the softwares in their webservers(Even WebServers too making hacker more easy to get the root) as a result of which they get exploited, But there are lots of ways to get things to work our way, You can attack them straight from Physical layer to the application layer there is always alot to do and securing them is not so easy.

    Read More:

  42. I believe it is not necessary to know a programming language to be a good hacker. Hacking is a multitude of different skills. There's social engineering, programming, lock picking, cryptography, hardware, software, etc... You don't have to excel at every different aspect of it. Yes, programming can be useful, but it is not mandatory. I, personally, don't know an ounce of programming, yet I excel at lock picking, social engineering, physical security, and (here's a weird one) hypnotism.

  43. @Anonymous 44
    Thanks for posting such a useful piece of information, It would be really nice if you would share some of the lock picking stuffs with RHA readers.

  44. @Rafay, I'm not much of a teacher, but I can recommend some excellent books on the subject. Unauthorized Access by Wil Alsopp has a very informative and practical chapter on lock picking (the rest of it covers other aspects of physical security). Another good one is No Tech Hacking by Johnny Long.

    Note: Lock picking is greatly learned and perfected by practice and experience. Books can only give you so much on the subject.
    Hope that was helpful...

  45. @Anonymous 46
    It would be really good if you could take some pictures and exactly tell RHA readers the basics of lockpicking.

  46. @Rafay Baloch

    great discussion going over here . according to me u should know both (understanding the network and programing ) to be a successful hacker . you should be able to write your own tools or at least u should be able to modify tools according to your needs ,tools are things which should be used to enhance your thinking ,at same time if u dont know anything about networking or what actually is happening when u run an exploit ,etc . u will not be successful hacker , they both go hand in hand ..and about the automatic tools u mentioned ,they are useless if dont know how to modify it . There will be various places where u need to modify those tools to work so programming is a must..

    and @hack101 and Erick Kyles
    i agree with u sandip dave is really selfish ,and he envies on others success

    But at the same time rafay is no different he uses his blog to earn money , selling products such as sniper spy ,winspy ,etc(he gets commissions ) and calls them hacking ,Sniperspy is just spy software .. and you call it as hacking ..really funny ,And the books which he has written is not going to be any different

    Rafay is also plagiarising a lot of articles in a tricky way .(ie) he uses his English skills , to write ,but the concept remains the same ,changing (is , was or that )is not going to change the outcome. rafay is 100% script kiddy .
    I am sure you wont post this .But i have made my point ,now its up to you weather you post or wont ,I dared to ask you ,do u have the real guts to reply to this bro? .


    Please tech us some lock-picking stuff

  48. @The True hacker
    First of all dude I never said that programming is not necessary, The point I made here was that you can become a fairly good hacker without without any prior knowledge of programming.

    In your first paragraph you called a person a successful hacker who can modify tools and actually know what's happens by running which code, but according to me a successful hacker is one who can compromise the target as I have mentioned it several times in my posts.

    "Does it matter that if an Elite hacker writes a buffer overflow exploit and a script kiddie uses it to compromise a system?"

    You said "But at the same time rafay is no different he uses his blog to earn money , selling products such as sniper spy ,winspy ,etc(he gets commissions ) and calls them hacking ,Sniperspy is just spy software "

    Well there is nothing wrong in earning from your blog, I am sorry to say that your above statement indicates how jealous you are :).

    And plus if i recommend any of the products i make sure that I have already tested them, The reason why i recommend Now if you think that spying softwares are not a part of the hacking and let it be if it makes you feel better :P.

    You talked related to Plagiarism, make sure if you have made a statement you have relevant facts or proofs

    You said "
    rafay is 100% script kiddy .
    I am sure you wont post this .But i have made my point ,now its up to you weather you post or wont ,I dared to ask you ,do u have the real guts to reply to this bro?"

    Now you can call me what ever you want, I don't care, I know ALhumdullilah what I am capable of, I never reject any comment unless it's abusive in any way, I love to answer and try to clear misconceptions of weak minded people and yeah one more.

    You talk about guts, Make sure you have enough guts to post your real name while posting comments. I hope I have brought some sense in to your mind, Until next time baby!

  49. @Rafay, I'm sorry, I can't concoct anything on lock picking at the moment. I would be happy too write something on it later this Summer though. --Good job owning "The True Hacker" ;) I am in agreement with what you told him.
    -Only real reason why I am Anonymous is because I really enjoy my privacy.

  50. i m going to join ethical hacking & IT security course from appin technology lab.it is 6months diploma course,which is approved by IADL UK.can any one suggest me appin(Hyderabad) is good for it or not.

  51. thumbs up rafay!!!!!!!!! ur articles are amazing n some unnecessary arguments make them even mor interesting.......... js wanted to know that im a kid in hacking n stuff ......whr do u suggest me to began from...... is it better to do som course or online learning is enough

  52. @Andres
    Thank you, If solely depends upon your interest, You see hacking is a very vast field and is divided in to many categories, If you are an absolute beginner I would recommend you to go after my book as it covers pretty much all basics.

    refer - http://www.rafayhackingarticles.net/2010/08/beginners-guide-to-ethical-hacking.html

  53. hey rafay!!!! im sry man im not planning 2 spend anythin on hacking n stuf... jst hope it was free!!..... u see im just 15 and mom wont allow me fr nythn like this.... thrs no way 2 strt off free???? i quite interestd in this n hav learnt the way hackers do their exploits but i dont know how????? u kno they use softwares n stf but i dunno how to start off to learn them.... thanx a lot.

    If u hav any personal id i could contact you with that so that i could explain things to u

  54. Its great to know about the software with the tutorial included!!! it great Rafay !!!!!! keep it on!!1

  55. Rafay which programming languages do you reccomend????

  56. Good post!! :)

    Better - Learning some Programming Languages!! ;)

  57. Programming and coding is not essential for hacking because many hacking tool and tactics are available to hack any data without programming capability. You can use different mail ware programs to run .exe file in browser to hack the data of user.

  58. Lot of peoples have presented their kind comments on the matter that programming language is necessary or not.But for those the programming languages are necessary are still confused within their own since no one has yet recommended any programming language.So please suggest me if any.

  59. contact kross303 at yahoo dot com for your common hackign problems

  60. Rafay what was your 1st article about

  61. Well programming comes next. The most crucial thing is to know the architecture or the internal mechanism of that which you're going to hack. After knowing about the veins and joints you can control the chi of the system!!


© 2016 All Rights Reserved by RHA Info Sec. Top

Contact Form


Email *

Message *

Powered by Blogger.