Pin It

Which Programming Language To Learn For Hacking?

Having the prior knowledge of programming is something which will separate you from all the other script kiddes( Wanna be hackers) and other tool lovers out there, Lots of times during penetration tests you come across a point where you need to write or build your own custom scripts and programs this is where the knowledge of programming comes handy.

The other and by the far the most important advantage of programming is that you will be able to understand exploit codes and even learn to write them too, Though there are softwares which have made the process of exploit writing much simpler, but you still need to have a solid grasp of programming languages in order to know how the exploits work.

Now that you have understood the importance of learning programming languages, You might be asking yourself “where to began”, “Which programming language” should I began learning with, Don’t worry, I have seen these types of questions asked a lot in various hacking communities and forums, The answer to these questions is that it depends on your interest.

Web Hacking

Now if you are interested in webhacking subject, subject then I would recommend you to learn the following languages:

1. HTML – Start with Html if you don’t know it

2. Javascript – Next learn javascript, which will help you understanding the fundamentals of cross site scripting which will be explained later in this book.

3. SQL Databases – You should learn to work with databases, which will help you to understand the fundamentals of SQL Injection attacks which will be also explained later in this book when we come to the Web Application hacking chapter.

4. PHP – Learning PHP should be your one of your first priorities if you want to understand the mechanisms behind the web hacking attacks. I would recommend you to learn it as soon as possible.

Recommended Sources:

5. W3schools – W3schools has wide variety of e-learning courses including languages like PHP, HTML, Javascripts etc, If you have zero knowledge of programming languages try starting with HTML and javascript.

Exploit Writing

Exploit writing is a very difficult segment in hacking as it requires pure programming knowledge, which is why I will not recommend you to start with exploit writing, Exploits are/can be coded in almost any programming language e.g C/C++, Python, Perl etc, but more than 50% of the exploits you will find on the web will be coded in C/C++ languages because they were present before any one of other languages. Languages such as C and C++ are considered as programming languages where as languages such as ruby, perl and python are considered more as scripting languages.

I would recommend you to start with C languages and then to C++, C/C++ have lots of similarities, so if you could get a good grasp on any one of them you can learn the other one easily.


Talking about scripting languages, I would recommend you to start with Ruby, Ruby is one of my most favorite programming language as it’s purely objected oriented which means that everything you work on is an object. Ruby is really useful when it comes to exploit writing, Ruby is used for coding meterpreter scripts and what could be more better that the Metasploit framework itself was coded in ruby language.


Python is also a very useful programming language, it can also be used for exploit writing, If you go for python first then make sure that you learn Python socket programming as it will help you a lot in the exploit creation process.


Talking about PERL, it’s also used widely for exploit writing, you will find lots of exploits out there written in PERL, but the problem is that perl is really difficult compared to other languages such as ruby and python, so I would recommend you to learn it at the very end.

Reverse Engineering

Reverse engineering is an act of tampering softwares, applications to make them work out way, If you are interested in reverse engineering and software cracking stuffs then you would surely need to learn Assembly language.

Reverse Engineering Tutorials:

If you are serious about learning to code in assembly then I would recommend you to read jeff Duterman’s “Assembly Language Step-by-step” book.

This concludes our chapter “Hacking And Programming”, One thing I would like to point out that learning 10 different programming languages is not a big deal but mastering a one is surely very difficult, Consider picking up a programming language to learn and make sure that you keep practicing it.

Subscribe to our Newsletter and receive updates directly via email - Get Ethical hacking and security tips directly to your inbox. Alternatively you can Join our Hackers Community on Facebook , Google+ and Twitter .

At RHA Infosec we provide different types of Security Testing from small business sites to Corporate Sites. Click Here to know more about our complete list of services.

Subscribe to RHA

Enjoyed this article?
Subscribe to "Rafay Hacking Articles" and get daily updates in your inbox for free!


Kindly Bookmark it and Share it with Friends:


Royalpride on January 18, 2012 at 8:51 AM said...

...Thanks for the article...but can i use java to write exploits/or perform reverse engineering???...

Rafay Baloch on January 18, 2012 at 10:19 AM said...

Yes, Java can be used for creating exploits, Almost all Russian exloit kits use java. However it's not very common and people prefer languages like c,c++,perl etc. As far as reverse engineering is concerned assembly is must for proper understanding.

Niketan Patil on January 18, 2012 at 10:35 AM said...

Nice article dude..because so many peoples ask this question now days.Hope it ll help all those peoples.

@Rafay : Why your website traffic decreased ?

My recent post : Mobile hacking

Royalpride on January 18, 2012 at 10:57 AM said...

@rafay thanks for the reply i really appreciate...i'm a Java Developer...can u please tell me where/how i can learn to develope exploits using Java??

Rafay Baloch on January 18, 2012 at 11:16 AM said...

Are you familiar with basic exploit development?, Buffer overflows and stack overflows, If yes then you could start by looking at the source of exciting java exploits and then integrating your own idea and think of possible ways to make it more function-able.

Rafay Baloch on January 18, 2012 at 11:17 AM said...

Welcome dude, Traffic decreased due to panda effect.

Royalpride on January 18, 2012 at 12:29 PM said...

Yeah rafay i know buffer & stack overflow... my problem is i've not seen a Java Exploit...can u give me an example of a java exploit... so that i can see what it looks like

Rafay Baloch on January 18, 2012 at 12:50 PM said...

Take a look at Javaapplet exploit in social engineering toolkit, it's a very good example. Also take a look at java drive by exploits.

Royalpride on January 18, 2012 at 11:20 PM said...

Ok Thanks...can S.E.T. run on windows??...I Dont have backtrack..if yes can u kindly paste the download link...

Rafay Baloch on January 19, 2012 at 1:40 AM said...

It's comes within backtrack, However as it's python you can run it on windows. But backtrack is recommended.

Royalpride on January 19, 2012 at 9:24 AM said...

Thanks Boss

Anonymous said...

@Rafay Baloch can you please please please help me hack this particular person's fb for me

Anonymous said...

hey rafay ,
i work in with sql , how can i write exploit?

Abimael said...

You better learn for yourself and stop expecting everyone else to do stuff for you




Srikanth- on January 9, 2013 at 7:00 AM said...

My question iz nt related 2 diz
My friend know answer fr my security question
and he reset my passwrd,anywayz i can get my acc back but the process repeats again he ll again do the same thng..
when i checked in fb security itz mentioned that u cant change security question ...watz da soln fr my prblm
thnkz in advance

benja nerony on November 22, 2013 at 5:42 PM said...

thnx for your article
i want to know please if c# can use instead of c\c++ ?

benja nerony on November 22, 2013 at 5:46 PM said...

thnx for your article
i want to know please if c# can use instead of c\c++ ?

Dare to ask? :)

Blog Archive


Recent Comments


Rafay Baloch is an Independent security researcher, Internet marketer, Entrepreneur and a SEO consultant, He is the founder of RHA blog and multiple other blogs. Rafay got famous after finding a Remote Code Execution bug inside PayPal for which PayPal awarded him a sum of 10,000$ Read More..

Join In!

RHA © 2013. All Rights Reserved.