We’ve all been there – you want to level up your hacking repertoire, but there are hundreds of exciting new programming languages, and you don’t know which one to start with. So what do you do? No need to stress out! We’ve created this little guide to give you an overview of what languages matter the most for hackers, and why each one is essential, so you don’t have to blindly ponder what programming languages to learn for hacking.
Coding is a core skill of hacking. It lets you understand the apps you want to break, read their source code to see how they work, and write payloads to exploit other machines. So without further ado, let’s go through the top languages for hackers!
More importantly, JS is the key to controlling the browser. The web isn’t leaving anytime soon, so mastering web tech is a core hacking skill.
A classic among programming languages to learn for hacking. Tho C has lost its crown as the lingua franca of coding, it’s still one of the most common languages for open source. But its importance as a hacking language comes from the language’s many memory management issues, which make it an ideal target for exploitation.
C is also the language of Unix and Linux operating systems, making it C a helpful skill if you plan to learn Linux at a very deep level. Note, though, that many newer systems programmers use Rust instead of C, because it handles memory more safely. Rust is also worth learning, but at the moment, C is still much more important for pentesters.
Examples of major software written in C include:
Among many, many others. CTFs often ask you to exploit a flawed C program, and the OSCP cert includes boxes that you must pwn by exploiting memory bugs in C programs.
If you get deep enough into exploiting C programs, assembly language (asm) will come naturally. Asm is crucial for crucial for hacking because you need it for reverse engineering. Reversing lets you see how apps work by taking apart the built executable in assembly. With this skill, you can find exploits in apps even without looking at the source code or extensive testing of the features by hand.
Although it can look intimidating, asm is quite easy to learn. Here’s “Hello, World!” in x86 asm for Linux:
mov rax, 1 ; write(
mov rdi, 1 ; STDOUT_FILENO,
mov rsi, msg ; "Hello, world!\n",
mov rdx, msglen ; sizeof("Hello, world!\n")
syscall ; );
mov rax, 60 ; exit(
mov rdi, 0 ; EXIT_SUCCESS
syscall ; );
msg: db "Hello, world!", 10
msglen: equ $ - msg
As you can see, the comments map the asm code to C. It’s really best to know both. In fact, C is so close to asm that many people call it the “portable assembly language”.
To learn asm, I recommend the book Programming from the Ground Up by Jonathan Bartlett. Even better, you can download for free using this link: https://download-mirror.savannah.gnu.org/releases/pgubook/ProgrammingGroundUp-1-0-booksize.pdf. Although you should learn assembly at some point in your career, it’s not a good first language. Learn C first, before tackling asm. It will also help you debug your C code once you get good enough.
Most of the time, the apps you hack often won’t depend on your knowledge of Python. Still, its good to learn because its the default “coding language” most people today learn. Also, its a great language for automating basic tasks. For example, when I want to write a script to perform some tasks during a pentest, Python is my go to tool. Look at how simple and easy to read the code is.
password = 'ilovehacking'
guess = input('password: ')
if guess == password:
print('You got the password right!')
print('Nope. Try again later.')
Since Python is such a common language, you’ll often run into code written in Python. You may need to modify it, or at least understand how it works. For a small example of how common Python is in the infosec world, check out this newbie CTF that relies on basic Python skills:
If you want to try the CTF yourself, you can do so here: http://13channel.crabdance.com/ctf/thread/3.html.
Like C, Python is also one of the “default” open source languages. So if you want to help out a project or read the code for a tool, you’ll often find Python code waiting for you on Github.
Less major programming languages to learn for hacking
While the langs above are the most crucial for an aspiring hacker, there are others that are pretty important as you advance in your skills. We’ll list them below, along with a brief explanation of why they’re such a big deal.
- HTML: basic building block of the web. If you learn JS, you’ll learn this first.
- SQL: SQL injection, one of the classic web attacks, and an important part of web dev.
- Regex: regular expressions often do important sanitization. Learn to bypass it. Also, regex can cause denial of service.
- Java: hack Android apps and create addons for Burp Suite.
- Shell (Powershell, bash, etc): automate your OS and work with the system efficiently
Note that this list would have been very different just ten years ago. Back then, PHP and Perl would have been near the top. That goes to show that the best skill you can learn is constant learning and adaptation
It’s a struggle to decide what programming languages to learn for hacking when you’re a newbie. Hopefully this article clears things up a bit and gives you some insight into how to advance your skills. Happy hacking!