
Script Kiddie is an amateur person who tries to hack, exploit, abuse IT systems like computers, networks, web sites, etc. Script Kiddie is generally not a professional or hacker because it has very little knowledge about the hacking but can use the hacking tools by following tutorials.

Script Kiddie是一个业余爱好者,他试图黑客,利用,滥用计算机,网络,网站等IT系统。ScriptKiddie通常不是专业人士或黑客,因为他对黑客的了解很少,但可以使用黑客工具通过遵循教程。

Script kiddie is unskilled person which means every person can be a script kiddie easily. And these scripts are generally borrowed from friends or forums on the internet. Even some popular hacking communities provides script kiddie tools to help others.

脚本小子是不熟练的人,这意味着每个人都可以轻松地成为脚本小子。 这些脚本通常是从Internet上的朋友或论坛借来的。 甚至一些流行的黑客社区都提供脚本小孩工具来帮助其他人。

为什么叫剧本小子? (Why Called As Script Kiddie?)

It may sound strange a security person as script kiddie but there are some reasons to call script kiddie. First, start with the meanings of the words where the script is a bunch of commands ready to be used by copy-paste. So the script kiddie does not need to know the details about the script. He/she will just change some required parameters like IP address, user name, file name, and run the script. Kiddie comes from the working kid in order to express no or little knowledge or experience. Script Kiddie also called as skiddie or skid.

像脚本小家伙一样的安全人员听起来有些奇怪,但是有一些理由称呼脚本小家伙。 首先,从单词的含义开始,其中脚本是一堆准备好用于复制粘贴的命令。 因此,脚本小子不需要了解有关脚本的详细信息。 他/她将只更改一些必需的参数,例如IP地址,用户名,文件名,然后运行脚本。 Kiddie来自上班族,目的是不表达或很少表达知识或经验。 脚本小子也叫skiddieskid

如何成为脚本小子? (How To Become Script Kiddie?)

As stated previously becoming a script kiddie is a lot easier than becoming a professional hacker or security personnal. Below we will list some steps in order to become a script kiddie.

如前所述,成为脚本小子比成为专业的黑客或安全人员要容易得多。 下面我们将列出一些步骤,以使您成为脚本小子。

Don't Learn Programming Languages like C, C++, C#, Perl, Python, PHP, Assembly, JavaScript, HTML because it takes a lot of time. Security related Linux distributions and operating systems like Kali, Parrot OS provides a lot of tools and scripts which can be used with simple commmands and GUIs for hacking, penetration testing, wireless hacking, sniffing etc.

Don't Learn Programming Languages诸如C,C ++,C#,Perl,Python,PHP,Assembly,JavaScript,HTML之类的Don't Learn Programming Languages ,因为这会花费很多时间。 与安全相关Linux发行版和操作系统(例如Kali,Parrot OS)提供了许多工具和脚本,可与简单的命令和GUI配合使用以进行黑客攻击,渗透测试,无线黑客攻击,嗅探等。

Use Shells like r57, c100 or c99 in order to create backdoors on the remote systems and web applications. These shells provides easy access to the target system without need of creating custom scripts or applications.

Use Shells like r57, c100 or c99可以在远程系统和Web应用程序上创建后门。 这些外壳程序提供了对目标系统的轻松访问,而无需创建自定义脚本或应用程序。

Use Armitage To Exploit Systems and Web applications becasue it provides very usefull and easyto use GUI without a single command usage. Armitage provides GUI for popular pentest and exploiting framework named MetaSploit.

Use Armitage To Exploit Systems and Web applications因为它提供了非常有用且易于使用的GUI,而无需使用任何命令。 Armitage为流行的渗透测试和开发框架MetaSploit提供了GUI。

Do Not Study EIP, EASP and other CPU registers in order to exploit an application because security related web sites like Exploit-DB or Packet Storm provides a lot of low level exploits in order to performs CPU instruction based exploitation. Also Metasploit provides a bunch of exploits too.

Do Not Study EIP, EASP and other CPU registers in order to exploit an application因为与安全相关的网站(例如Exploit-DB或Packet Storm)提供了许多低级别的利用程序来执行基于CPU指令的利用程序。 Metasploit也提供了很多利用。

Make big claims but fake claims like you hacked Apple, Microsoft, Google etc because being script kiddie requires a lot of fame even know very little.

Make big claims but fake claims like you hacked Apple, Microsoft, Google etc因为成为脚本小子需要很多名声,甚至很少知道。

Use Remote Administration Tools (RAT) like SubSeven, DarkComet or Lost Door etc.

Use Remote Administration Tools (RAT) SubSeven,DarkComet或Lost Door等Use Remote Administration Tools (RAT)

Use wifite for wireless hacking because it provides CLI based GUI with just few input and try to exploit and hack wireless networks with different methods which you shouldn’t know.

Use wifite for wireless hacking是因为它仅需很少的输入即可提供基于CLI的GUI,并尝试使用您不知道的不同方法来利用和攻击无线网络。

Use Burp Suite Professional which can most of things for you. Burp Suite Professional is a pricy tool but has a lot of useful and automated features which is ideal for a script kiddie.

Use Burp Suite Professional which can most of things for you 。 Burp Suite Professional是一种价格昂贵的工具,但具有许多有用的自动化功能,非常适合脚本小朋友。

Also use Acunetic, Netsparker an other vulnerability scanners for websites where these tools automatically test, detects even exploit web applications vulnerabilities.

Also use Acunetic, Netsparker an other vulnerability scanners for websites在这些工具可以自动测试,检测甚至利用Web应用程序漏洞的Also use Acunetic, Netsparker an other vulnerability scanners for websites上进行Also use Acunetic, Netsparker an other vulnerability scanners for websites

Learn little or no networking because there are a lot of script or GUI tools to hack network vulnerabilities with no complexity.

Learn little or no networking因为有很多脚本或GUI工具可以毫无复杂地破解网络漏洞。

Test and try lots of security tools and store them in your hard drive because trying is importent part of the script kiddie. You can try all tools one by one if one of them work.

Test and try lots of security tools ,并将其存储在硬盘中,因为尝试是脚本小子的重要组成部分。 如果其中一种工具可以工作,则可以一一尝试所有工具。

Create a security blog, page or social media account in order to create fame and your non-existing experties.

Create a security blog, page or social media account ,以建立名气和您不存在的专业知识。

Use DDOS attacks by buying them and present this DDOS attacks as hack which will make big effect on the security community.

Use DDOS attacks by buying them此DDOS攻击呈现为hack,这会对安全社区产生重大影响。

Create good slogan for defaced web sites or you form signature like "1mm0rtA1 was here" which will increase your fame.

Create good slogan for defaced web sites or you form signature like "1mm0rtA1 was here" ,这将增加您的声誉。

Do not learn the operating system concepts because there must be a script or tool to hack an operating system.

Do not learn the operating system concepts因为必须有脚本或工具才能破解操作系统。

Make self promotions like making self-interview with non existing editor as if it exists and talk like a misterious person.

Make self promotions like making self-interview with non existing editor as if it exists并像一个person昧的人一样交谈。

Use a name which is expressed with letters, numbers and special characters like 1mm0rtA1 which will make you more misterious.

Use a name which is expressed with letters, numbers and special characters like 1mm0rtA1会使您更加困惑。

Do not study Linux and prefer windows based tools but learning some long linux commands may help you to show your expertise to others.

Do not study Linux and prefer windows based tools而是Do not study Linux and prefer windows based tools但是学习一些长Linux命令可能会帮助您向其他人展示您的专业知识。

Do not contribute to the open source and community projects like Metasploit, Nmap, SqlMap, wpscan, Exploit-DB just use them and talk like you can create better tools then theses.

Do not contribute to the open source and community projects like Metasploit, Nmap, SqlMap, wpscan, Exploit-DB只需使用它们并进行交流,就可以像这样创建更好的工具。

脚本小子技巧 (Script Kiddie Techniques)

Script Kiddies have some popular attack types and techniques which are easier than a professional way. They can use these techniques in order to hack, exploit, deface remote systems, and web applications with no or little effort.

脚本小子有一些流行的攻击类型和技术,比专业方法更容易。 他们可以使用这些技术轻松地破解,利用,破坏远程系统和Web应用程序。

Social Engineering is very easy like lying. One of the targets will trust you and take action to make himself vulnerable. You can call different IT departs in order to get information about their systems like calling from the internet provider, customer, etc.

Social Engineering很容易说谎。 目标之一将信任您并采取行动使自己脆弱。 您可以致电不同的IT部门,以获取有关其系统的信息,例如从Internet提供商,客户等处致电。

Phishing is another example where script kiddie can reach a lot of people to make them click into a harmful link even install some malware easily.


Forum Tutorials are important where script kiddie can follow the hacking steps easily which has been checked previously. Script kiddie can try these steps in different targets where one of them will work successfully.

Forum Tutorials非常重要,脚本小子可以轻松地按照之前检查过的黑客步骤进行操作。 脚本小子可以在不同的目标中尝试这些步骤,其中一个目标将成功运行。

Google Dork is another useful resource for script kiddies where Exploit-DB publishes different google dorks about security vulnerabilities. The world is big enough to find a target where given dork and exploit can work in 30 minutes.

Google Dork是脚本小子的另一个有用资源,Exploit-DB会在其中发布有关安全漏洞的各种Google问题。 这个世界足够大,可以找到目标,让给定的傻瓜和漏洞利用可以在30分钟内发挥作用。

比较Script Kiddie和Hacker (Compare Script Kiddie vs Hacker)

In this part we will compare the script kiddie and hacker for similarities and differencies.


  • Script kiddie has little or no knowledge where a hacker has enormous knowledge.脚本小子很少或根本不了解黑客在哪里拥有大量知识。
  • Script kiddie requires others to help to hack but a hacker can hack without anybody’s help.脚本小子需要其他人来帮助黑客,但是黑客可以在没有任何人帮助的情况下进行黑客入侵。
  • Script kiddie needs ready to be used tools where a hacker can create his own tool.脚本小子需要立即可用的工具,黑客才能在其中创建自己的工具。
  • Script kiddie can use easy to use scripts and GUI tools where a hacker can dance with the CPU instructions easily.脚本小子可以使用易于使用的脚本和GUI工具,使黑客可以轻松地与CPU指令共舞。
  • Script kiddie targets low-level systems and web applications where hacker targets big, important, and heavily secured systems.脚本小子针对低级系统和Web应用程序,而黑客则针对大型,重要且高度安全的系统。

翻译自: https://www.poftut.com/what-is-script-kiddie-how-to-become-script-kiddie/


