If you don't have that passion for computers, you will never be a hacker. You can be a programmer, a computer scientist, world-famous in the IT field ... but not a hacker.
If you do have that passion, then it's possible ... but never easy. The following steps are for being a hacker on the software side ... these steps will be different for other endeavors.
* Learn about operating systems. Learn about operating systems you don't like. Learn about operating systems you would prefer to never use. Don't just concentrate on the fun stuff.
* Learn to program. Remember, programming is not language dependent. Don't worry about languages or programming style--yeah, you have to start with one programming language, but if you can learn to program in C, you can program in damn near anything. But avoid BASIC, if at all possible.
* Learn operations. Learn how networks work, how the processor works, how memory works. You don't have to be a hardware guru (though if that's where your passion lies, go for it), but you do have to have at least some understanding of how the hardware works.
* Most important--NEVER STOP LEARNING! You will never learn everything about computer programming, not if you lived to be 1000 years old. You can learn from the crusty old Unix master who hasn't left his office in five years (because he doesn't have to), and you can learn from the shiny new wet-behind-the-ears intern who just hired on last week. The day you figure you have nothing left to learn, put down your keyboard and walk away, because your brain just stopped functioning.
The short answer is, all the skills required to do the task you want to do. For example, web application hacking? You will want to learn about the following topics:
- Database architectures (i.e. different types of database engines)
- SQL syntax (differences between MSSQL and MySQL, etc.)
- HTTP protocol (incl. how to send raw requests)
- SSL/TLS issues and misconfigurations
- Intercepting proxies (like Burp Suite and OWASP ZAP)
- Web application attacks (SQL Injection, RCE, RFI, LFI, XSS, CSRF, XST, etc. To learn about these attacks, check out the OWASP Testing Guide; it's free.)
- How files and file permissions work on Windows and Linux
- Being able to read and understand either ASP, , PHP or Java for source review purposes. (Can also be used to help developers create fixes to issues you've discovered. This skill is also required for e.g. code injection 0days you discover.)
- Knowledge about web application scanners, their weaknesses and strengths, etc. (This skill is pretty easy to obtain, but is gained over time the more you use different scanners and learn which ones are generally the best for your projects. FYI actively scanning a web application without permission is generally illegal.)
- Web services architecture
- Web services vulnerabilities
Note: The list above is not exhaustive but does include the majority of information you will need to be able to hack a web application.