|This article is part of a series on|
|Hacker culture & ethic|
In programming and hacking cultures, a script kiddie, skiddie, or skid is an unskilled individual who uses scripts or programs developed by others to attack computer systems and networks and deface websites, such as a web shell. It is generally assumed that most script kiddies are juveniles who lack the ability to write sophisticated programs or exploits on their own and that their objective is to try to impress their friends or gain credit in computer-enthusiast communities. However, the term does not relate to the actual age of the participant. The term is considered to be derogatory.
The more immature but unfortunately often just as dangerous exploiter of security lapses on the Internet. The typical script kiddy uses existing and frequently well known and easy-to-find techniques and programs or scripts to search for and exploit weaknesses in other computers on the Internet—often randomly and with little regard or perhaps even understanding of the potentially harmful consequences.
Script kiddies have at their disposal a large number of effective, easily downloadable programs capable of breaching computers and networks. Such programs have included remote denial-of-service WinNuke, trojans, Back Orifice, NetBus and Sub7 vulnerability scanner/injector kit Metasploit and often software intended for legitimate security auditing.
Script kiddies vandalize websites both for the thrill of it and to increase their reputation among their peers. Some more malicious script kiddies have used virus toolkits to create and propagate the Anna Kournikova and Love Bug viruses. Script kiddies lack, or are only developing, programming skills sufficient to understand the effects and side effects of their actions. As a result, they leave significant traces which lead to their detection, or directly attack companies which have detection and countermeasures already in place, or in some cases, leave automatic crash reporting turned on.
One of the most common types of attack utilized by script kiddies involves a form of social engineering, whereby the attacker somehow manipulates or tricks a user into sharing their information. This is often done through the creation of fake websites where users will input their login (a form of phishing), thus allowing the script kiddie access to the account. 
An elitist subculture of hacking and programming communities, cheat-devs, are responsible for the development and maintenance of clients sold via P2C (pay to cheat) websites and communities. These individuals, colloquially recognized as "ratters", must circumvent the target programs security features; become undetected by the anti-cheat. In these communities, a strata of less capable individuals known as script kiddies infamously leach off cheat-devs for source codes and ideas. Script kiddies also download, slightly modify, then takes credit for the entire development of common sources. Enchilada is a term also used to describe script kiddie.
- Black hat hacker
- Exploit (computer security)
- Hacker (computer security)
- List of convicted computer criminals
- Web shell, a tool that script kiddies frequently use
- Leyden, John (February 21, 2001). "Virus toolkits are s'kiddie menace". The Register.
- Lemos, Robert (July 12, 2000). "Script kiddies: The Net's cybergangs". ZDNet. Retrieved 2007-04-24.
- Mead, Nancy R.; Hough, Eric D.; Stehney, Theodore R. III (May 16, 2006). "Security Quality Requirements Engineering (SQUARE) Methodology CMU/SEI-2005-TR-009" (PDF). Carnegie Mellon University, DOD. CERT.org.
- Klevinsky, T. J.; Laliberte, Scott; Gupta, Ajay (2002). Hack I.T.: security through penetration testing. Addison-Wesley. p. 409. ISBN 978-0-201-71956-7.
- Granneman, Scott (January 28, 2004). "A Visit from the FBI - We come in peace". The Register.
- Biancuzzi, Federico (March 27, 2007). "Metasploit 3.0 day". SecurityFocus.com.
- Rodriguez, Chris; Martinez, Richard (September 2, 2012). "The Growing Hacking Threat to Websites: An Ongoing Commitment to Web Application Security" (PDF). Frost & Sullivan. Retrieved November 30, 2013.
- Taylor, Josh (August 26, 2010). "Hackers accidentally give Microsoft their code". ZDNet.com.au. Archived from the original on January 20, 2012.
- Ms. Smith (August 28, 2010). "Error Reporting Oops: Microsoft, Meter Maids and Malicious Code". Privacy and Security Fanatic. Network World.
- "Script Kiddie: Unskilled Amateur or Dangerous Hackers?". United States Cybersecurity Magazine. 2018-09-14. Retrieved 2019-10-25.
- Tapeworm (2005). 1337 h4x0r h4ndb00k. Sams Publishing. ISBN 0-672-32727-9.
- The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders and Deceivers (2005) ISBN 978-0471782667