Script Kiddie is an amateur person who tries to hack, exploit, abuse IT systems like computers, networks, web sites, etc. Script Kiddie is generally not a professional or hacker because it has very little knowledge about the hacking but can use the hacking tools by following tutorials.
Script kiddie is unskilled person which means every person can be a script kiddie easily. And these scripts are generally borrowed from friends or forums on the internet. Even some popular hacking communities provides script kiddie tools to help others.
Why Called As Script Kiddie?
It may sound strange a security person as script kiddie but there are some reasons to call script kiddie. First, start with the meanings of the words where the script is a bunch of commands ready to be used by copy-paste. So the script kiddie does not need to know the details about the script. He/she will just change some required parameters like IP address, user name, file name, and run the script. Kiddie comes from the working kid in order to express no or little knowledge or experience. Script Kiddie also called as skiddie or skid.
How To Become Script Kiddie?
As stated previously becoming a script kiddie is a lot easier than becoming a professional hacker or security personnal. Below we will list some steps in order to become a script kiddie.
Don't Learn Programming Languages like C, C++, C#, Perl, Python, PHP, Assembly, JavaScript, HTML because it takes a lot of time. Security related Linux distributions and operating systems like Kali, Parrot OS provides a lot of tools and scripts which can be used with simple commmands and GUIs for hacking, penetration testing, wireless hacking, sniffing etc.
Use Shells like r57, c100 or c99 in order to create backdoors on the remote systems and web applications. These shells provides easy access to the target system without need of creating custom scripts or applications.
Use Armitage To Exploit Systems and Web applications becasue it provides very usefull and easyto use GUI without a single command usage. Armitage provides GUI for popular pentest and exploiting framework named MetaSploit.
Do Not Study EIP, EASP and other CPU registers in order to exploit an application because security related web sites like Exploit-DB or Packet Storm provides a lot of low level exploits in order to performs CPU instruction based exploitation. Also Metasploit provides a bunch of exploits too.
Make big claims but fake claims like you hacked Apple, Microsoft, Google etc because being script kiddie requires a lot of fame even know very little.
Use Remote Administration Tools (RAT) like SubSeven, DarkComet or Lost Door etc.
Use wifite for wireless hacking because it provides CLI based GUI with just few input and try to exploit and hack wireless networks with different methods which you shouldn’t know.
Use Burp Suite Professional which can most of things for you. Burp Suite Professional is a pricy tool but has a lot of useful and automated features which is ideal for a script kiddie.
Also use Acunetic, Netsparker an other vulnerability scanners for websites where these tools automatically test, detects even exploit web applications vulnerabilities.
Learn little or no networking because there are a lot of script or GUI tools to hack network vulnerabilities with no complexity.
Test and try lots of security tools and store them in your hard drive because trying is importent part of the script kiddie. You can try all tools one by one if one of them work.
Create a security blog, page or social media account in order to create fame and your non-existing experties.
Use DDOS attacks by buying them and present this DDOS attacks as hack which will make big effect on the security community.
Create good slogan for defaced web sites or you form signature like "1mm0rtA1 was here" which will increase your fame.
Do not learn the operating system concepts because there must be a script or tool to hack an operating system.
Make self promotions like making self-interview with non existing editor as if it exists and talk like a misterious person.
Use a name which is expressed with letters, numbers and special characters like 1mm0rtA1 which will make you more misterious.
Do not study Linux and prefer windows based tools but learning some long linux commands may help you to show your expertise to others.
Do not contribute to the open source and community projects like Metasploit, Nmap, SqlMap, wpscan, Exploit-DB just use them and talk like you can create better tools then theses.
Script Kiddie Techniques
Script Kiddies have some popular attack types and techniques which are easier than a professional way. They can use these techniques in order to hack, exploit, deface remote systems, and web applications with no or little effort.
Social Engineering is very easy like lying. One of the targets will trust you and take action to make himself vulnerable. You can call different IT departs in order to get information about their systems like calling from the internet provider, customer, etc.
Phishing is another example where script kiddie can reach a lot of people to make them click into a harmful link even install some malware easily.
Forum Tutorials are important where script kiddie can follow the hacking steps easily which has been checked previously. Script kiddie can try these steps in different targets where one of them will work successfully.
Google Dork is another useful resource for script kiddies where Exploit-DB publishes different google dorks about security vulnerabilities. The world is big enough to find a target where given dork and exploit can work in 30 minutes.
Compare Script Kiddie vs Hacker
In this part we will compare the script kiddie and hacker for similarities and differencies.
- Script kiddie has little or no knowledge where a hacker has enormous knowledge.
- Script kiddie requires others to help to hack but a hacker can hack without anybody’s help.
- Script kiddie needs ready to be used tools where a hacker can create his own tool.
- Script kiddie can use easy to use scripts and GUI tools where a hacker can dance with the CPU instructions easily.
- Script kiddie targets low-level systems and web applications where hacker targets big, important, and heavily secured systems.