In before
"DON'T HELP HIM!!"
>>1
It depends on what you're doing. If you're breaking into a website, you almost always need SQL injection, and sometimes also some Javascript if you've got an XSS exploit. If you're writing a buffer overflow attack, I can pretty much guarantee you'll be hacking on some raw machine code, because you have to be very precise about how your program is laid out in memory. Doubly so if your target system uses ASLR or any other form of buffer overflow protection.
If every idiot Windows user upgraded to Vista tomorrow, buffer overflow attacks would become almost useless overnight.
Of course, once you've broken into a system and you can run arbitrary code, you could literally be writing in Brainfuck for all it matters, because that's the very definition of "run arbitrary code." I saw an article once about a malware author who wrote trojans with embedded Scheme interpreters, just because he could.
But that all assumes you can get into a system in the first place, and to manage that, you have to know what you're doing. The best place to start is social engineering: Learn how to lie to people, how to make them trust you, and how to trick them into giving you their passwords. That is the most reliable hacker method, and by far the most productive. On your downtime you can also learn some ASM and start writing buffer overflows, because that's always a neat trick to show off at your Starcraft LAN parties.
One more thing: The
/b/ and
/i/ crowds like to use DDoS techniques to mob their targets and melt people's websites. This isn't really "hacking," but it is spectacular. If personal satisfaction isn't enough for you, and you would rather go to jail just to get your little IRC channel on the news, then this is the path for you. Learn whatever scripting languages you have on your system, and learn about network protocols and their vulnerabilities. A little research can go a long way.