1) There are several special distributions that are sharpened for Penetration Testing - in particular BackTrack Linux and its descendant Kali Linux
2) Clearly and without water - D. Erickson - Hacking: the art of exploitation, 2nd edition
3) PHDays - Positive Hack Days , RUCTF

It is unlikely that you will be able to "learn hacking" without a huge amount of knowledge acquired by theory and practice in a wide variety of areas. Offhand, expert knowledge of C, C++, assembler, processor architecture, compiler writing technology, excellent knowledge of network infrastructure and data transfer protocols, design patterns and typical mistakes when using these patterns, skills in designing highly loaded and client-server systems... and the list goes on and on.
Well, of course, you can become a scriptkiddy, a child who downloads Yxploits from the site and compiles and runs them with jambs and questions on the forums. Or download Khakir pragrams and let them go to all sites in a row. Crack passwords to ICQ that no one needs now, etc.

I've answered a similar question before, I'll copy and paste:

- Know all popular languages ​​(and most of the unpopular ones too)
- Know all types of databases (regular Mysql/MSSQL/Postgres + all sorts of document-oriented ones)
- Know how protocols work, how and why they work
- Know *nix/win, how they work and what where it lies
- Know popular vulnerabilities and how to find them
- Know popular hacking software and be able to use it
- Be able to think outside the box. Be able to lose the ball in a closed room.
Here's a short list of typical early 00s kiddies skills. An information security "specialist" should know/be able to do all this, plus a bunch of other ways to protect yourself from it.

--------------------
The realities have changed a little, and a dozen more points can be added to this list.

Vulnerabilities with the help of SI are not searched for in systems, I use it as a means of delivering malware. Vulnerabilities are searched for through testing and analysis of both results and source documents (codes of programs, descriptions, standards, etc.). Erickson's book, which was recommended above, is of course good, but very outdated, systems, hardware and a bunch of everything have changed, attack vectors have changed and it is now practically useless (except if you are not familiar with the basics at all).

I can throw a test work, sakurity.com

TC Courses Specialist in ethical hacking.
Should be on the torrents by now.

You need to know what to read and where to practice.
What to read:
https://webware.biz/
https://kali.tools/
https://hackware.ru/
zalinux.ru
https://defcon.ru/
Where to practice:
https://habrahabr.ru/company /pentestit/blog/261569/
https://xakep.ru/2010/06/03/52289/

Go into the field of information security. It's business as usual there.

Where to start learning hacking and hacking as a hobby or whitehat?

Start studying with the Criminal Code of the Russian Federation. Even while searching for vulnerabilities at the request of the owner, you may find that it is more profitable for him to pay you off by filing a statement with the prosecutor's office.
A hobby sooner or later will lead to part-time jobs.
It's just strange that the IT specialist, whom this topic "always interested me", for so long is not even aware of the elementary questions that he asked here, using the words "comp", "hacker skills", "cracking" and others, not knowing such things . Moreover, as he himself writes, you can learn Pascal in 2 weeks.

Participate in various CTFs.
Here you can monitor.
https://ctftime.org/

https://pentesterlab.com/bootcamp
14 week web security bootcamp.