CONNEXION ✔ Connexion INSCRIPTION ✔ Inscription Un Bug ? ✐ Un Bug?
rss
Plateforme de Hacking

Vous trouverez dans la rubrique article de nombreux tutoriels afin de mieux comprendre la sécurité informatique,
ainsi que différents articles plus poussés
Hacker
  • sniffing
  • cracking
  • buffer overflow
  • créations d'exploits
  • social engeneering
  • l'anonymat sur le web, spoofing
  • Bypass-proxy, Bypass-firewall
  • injection de code SSI, SQL, etc...
  • Utilisation d'exploits, crétion de scripts(php, irc, perl)
  • Cours en ligne
We make porn

Please Donate To Bitcoin Address: [[address]]

Donation of [[value]] BTC Received. Thank You.
[[error]]
Challenges
Vous pourrez également participer à de nombreux challenges en constant renouvellement (si possible :p)
Dernièrement, les missions relativent aux derniers produits open sources marchent bien :)

Votre ultime challenge sera de défacer HackBBS. De nombreuses failles sont présentes. A vous de les trouver et de les exploiter.

Cet ultime test permettra de constater votre réactions face à une faille.
Black ou White? ^^

Ezine du moment: phrack45/p45-08.txt
                              ==Phrack Magazine==



                 Volume Five, Issue Forty-Five, File 8 of 28



****************************************************************************





                        Running a Board on x.25

                        =======================



In this article, I want to inform the reader about advantages, problems,

experiences and fun about running a BBS on x.25.  I also want to do a few

comparisons between x.25 on one hand and the Internet and phone system

on the other.  This article may also help you to setup a BBS on a

UNIX, no matter if on x.25 or not.





I.      Systems on x.25...

==========================



In my article for Phrack 42 about the German scene (read it if you haven't

done so yet! :-)  I also mentioned the x.25 scene and a few Bulletin Board

Systems (BBS / boards) on it.



One of the most popular ones, LUTZIFER, just went down on December 20, 1993.

Lutzifer used to be one of the most popular x.25 boards back in 1990 and

early 1991, when US people were still able to use Tymnet ("video" and

"parmaster") and Sprintnet without much of a hassle.  I spoke with Lutz

(sysop of Lutzifer) at the CCC Congress in Hamburg a week later.  He told

me that he first just wanted to change the speed for his x.25 connection

from 9600 to 2400 to save some money (actually 50%), because he didn't get

too many calls anyway.  But the German Telekom (who handle x.25 AND the phone

lines) wanted him to cancel his old x.25 connection, get a new NUA, pay the

$300 installation fee, all to get a 2400 bps connection.  This really made

Lutz mad, and he finally decided to cancel all x.25 - so goodbye to Lutzifer!



On the other side, QSD (the lamest chat system one can imagine) is still

up and running on x.25.  Back in Summer 1993, there have been many rumors

that QSD would go down.  It wasn't reachable from most networks in the world

anymore, including Sprintnet, Datex-P and others.  They were probably just

"testing" something - but QSD will never have its >80 online users again

(sounds pretty ridiculous compared to IRC :) that it had back in the good

old days.





II.     Advantages of x.25

==========================



You may wonder what the advantages of running a board on x.25 are.

Wouldn't an Internet link or a phone dialup be enough?  In fact, the Internet

is getting more and more popular, the number of its hosts is increasing

dramatically.  This, and the fact that ISDN is faster and available to more

and more people at cheaper rates, makes x.25 seem unattractive.



But x.25 is a very old and safe network.  It hasn't really changed in 10

years.  There are hardly any netsplits like on the Internet, and it has

a very low rate of data errors.  X.25 is available in almost every country

(far over 200) in the world, even in countries that never heard of Internet

like Mauritius or United Arab Emirates.  This means that a lot of people from

all over the world can call you at a cheap rate (at least cheaper than

international phone charges, for some people even free at all :).

To the sysop it offers a couple of features that modems can't offer, and

where the Internet isn't safe enough.  This is also a reason why most banks,

insurances and credit agencies still rely on x.25.  I will describe those

features in the next chapter.





III.    Setting up your X.25 board

==================================



So let's get practical after all this boring theory!



How do you start if you want to setup your own x.25 board?



First of all, you need your own x.25 line.  In most countries your phone

company would be responsible; in a few countries like the US you may even

have a choice of different x.25 providers like "Sprintnet".  The prices for

those lines really vary.  You may check the Sprintnet or Tymnet Toll Free

information service, that also gives you information and prices about

other countries.  E.g. in Germany a 2400 bps (the slowest) link would be

US$130 a month, a 9600 bps link about $260.  The good thing though is that

each additional virtual channel is just $3 more per month (in Germany).

A number of 16 channels is typical and 128 channels aren't exotic.



But remember, all channels have to share the maximum bandwidth of - let's

say - 9600 bps.  So if 10 people would start to leech the latest Phrack

at the same time, they would all just have 960 bps each or 96 cps.



But downloading isn't always that easy.  In fact, many of my users have

been reporting problems while trying to download.  While a few x.25

networks like Datapak Norway and German Datex-P are true 8 bit networks,

many networks and PADs just handle 7 bit connections.  It's not always

that easy to transfer binaries at 7 bit, though it was possible for me

to download from a Sprintnet dialup using a 'good' version of Z-Modem.



X.25 is not the right choice if you want to transfer huge amounts of data

anyway.  It is meant for people who work interactively.  It is recommended

for people who want to do a database research, read and write email and news

or just chat.



You will also notice that, if you are a paying x.25 user (aren't you all :-)

and get your bills, connection time is really cheap; up to 70 times cheaper

than long distance phone charges.  What counts are the transmitted bytes,

no matter how fast you are!  You easily pay $30 for transferring 1 MB.



But what else do you need after you got your x.25 link?



You need a PC (which doesn't have to be fast; I was using a 386sx for quite

some time.  In fact, my new 486/40 board is 'too fast' for my old x.25 8 bit

adaptor :).  It might also be interesting to run it on a Sun or HP

workstation; but the x.25 cards for those machines are rather expensive.



Then you need a good operating system.  Don't even think of running DOS.

You want to have a multi-user multi-tasking system after all, don't you?

So your choice is UNIX.  Systems with pretty good x.25 solutions are

Interactive and SCO Unix.  They are both old fashioned System V / 386's,

but are running safely, hardly ever crash and are popular in the commercial

world.  I chose Interactive.



How do you connect your PC to the x.25 line?



Good guess.  Yes, you need an adaptor card.  I got an EICON/PC card.  EICON

cards are probably the best supported and most common x.25 cards - they

are made in Canada.  However, they aren't cheap.  Usually they are around

$1000, if you are lucky you could get a used one for $600.  You might get

a cheaper x.25 adaptor, but check in advance if the software you want to

use supports that adaptor.  There is no real standard concerning x.25 cards!



Anything else you need?



Yes, the most important thing - the software.  UNIX doesn't come with

x.25 drivers.  However, there is a really good x.25 solution available

from netCS Software in Berlin, Germany.  (The company was co-founded

by "Pengo" Hans H.  Send them mail to postmaster@netcs.com for info.)





IV.     Features

================



This software, and x.25 in general, has a few nice features.  If you

receive an x.25 call from somewhere, the NUA ("Network User Address")

of the caller is being transmitted to you.  This works pretty much like

Caller-ID, with the exception that the caller can't prevent it from being

transmitted, and he usually can't fake the address he is calling from.

Of course he can call through a couple of systems, and you would just

see the NUA of the last system he calls you from.



This feature can easily be used to accept or reject calls from certain

NUAs/systems or whole countries.  Many systems like banks just allow

certain NUAs to call them, just the ones that they know.



You could also give different access to different people:  people from

country A may login to your system, country B may just write you a mail,

all other countries are forced into chat and the NUA of CERT is being

rejected and received a "nice" goodbye message.



Of course you will also keep a logfile (and 99% of the systems you call

will have a logfile with YOUR call and the calls you might place using

its pad).  This logfile usually contains the NUA that calls you (or that

is being called), the programs that are being executed, the userid of

the caller, duration, reason for termination and more.



Another interesting feature is the 'Call User Data' (CUD).  The caller may

transmit up to 16 bytes (default is 4 bytes) to your host before he

establishes an x.25 connection.  In these bytes he may send you a Service

Request.  The default CUD is 01/00/00/00 and means 'interactive login'.

You may define any CUD you want and just accept calls that use that certain

CUD - it would work like a system password then.  Many systems may also

have a service request that allows the caller to execute commands on that

host remotely, without supplying any additional password (be aware of this!)



For more technical information about x.25 read one of the articles in the

previous issues of Phrack.  I am glad that Phrack is still covering x.25

with plenty of interesting articles after all these years!





IV.     Chosing the BBS Software

================================



Okay.  Now we decided to choose UNIX as operating system.  Of course, you

could give all your users shell access, create a guest account with limited

shell access and a chat account that kicks you just into chat.  That's what

I used to do first.  But since we want to run an open system and give

accounts to many hackers, it might be a scary vision that all of them

have shell access and try to hack your system.



This is the point when you are looking for a BBS software for UNIX.  There

aren't too many free BBSes for UNIX around, most of them cost some hundred

dollars (check out the latest Boardwatch issue for more information).



However, I found a pretty decent BBS software called 'Uniboard'.  It runs

fine on most System V's including Interactive and SCO; versions for Sun OS

and Linux are available too.  It offers you a nice colorful (you may turn

it to black & white) menu driven interface.  You have to have C-News and

sendmail installed and running.  Instead of sendmail I use smail, which

is bug-free, much easier to install and offers at least the same features.

C-News though isn't that easy to install and takes quite some time and

document reading.  But these packages are used by Uniboard for messages (news)

and email.  This is pretty nice, because you can just exchange mail with

everyone on the Internet.  You can also read your favorite newsgroups

in Uniboard like alt.sex.bondage and post to local groups.  The filebase

is designed okay, but it doesn't feature the concept of ratios yet.

(You just get one byte download ability for each byte you upload!).  Rick,

the author, promised me to put it into the next version though.  The biggest

drawback is that you will just get the binary, no sources available,

so you can't put in all the features you would like.  For more information

send email to the author Rick in Italy at pizzi@nervous.com.

He will give you a free demo key that works for a few weeks, if you ask him.

Afterwards you could get a key for $40 and more, depending how many users

you want to have.





V.      How to get more users

=============================



You may think:  Okay, fine.  But not everybody has x.25 access, though

(almost) everybody has Internet access.  How could these people call me?

Well, the solution isn't easy.  I was told though that someone installed

an Internet site that would forward the call through an x.25 PAD to my

system.  Of course, the system administrator of that Internet site found

out after a while and installed the following banner (he obviously has

a sense of humor :) - someone sent me this log:





telnet> open pythia.csi.forth.gr 2600

Trying 139.91.1.1 ...

Connected to pythia.csi.forth.gr.

Escape character is '^]'.

Welcome to Sectec Direct. Please hold the line. :)

Calling...connected...



MUniBoard v. 1.12

400 users Runtime System S/N 345968791

Licensed for single machine use to Seven Down on sectec

Unauthorized duplication allowed

Loading..



              ________________________________________________

             /~ .~  /  _ . ~/~ _ . |~  __ ~|  _ . \~ _    _ ~/

            // ____/_ |_\__/. | \__|. |__| | |_\__/\/ |  | \/

           /____   ~/  _|__|| |  __|:     _|  _|__    || |

            // .  //: |_/. \: |_/. || |\ \\: |_/. \   |: |

           /_____ /|________\______|__| \__\_______\  |__|

    ___________________________________________   ___________________

    \~ _    _ ~/ _ . ~/ _ .\~ _    _ ~/ __ |~ ~\ |~~|~| _ . ~/~ .~  /

     \/ |  | \/ |_\__/ | \__\/ |  | \/ /  \||   \| || || \__// ____/_

        || | ||  _|__| |  __   || | \\ \  /|: \  \ :| ||  ______   ~/

        |: | |: |_/. \ |_/. \  |: |  \  \/ || |\   .| ||_/. \/ .  //

        |__| |________\______\ |__|   \____|__| \___|_|______\___ /





Dear fellow hacker,

Please use YOUR telephone to make long distance calls

Using other's systems over the Internet is just NOT fair

let alone that is ILLEGAL.  Anyway, your hosts computer names/IP addresses

and location, as well as accurate logs of most of your recent/6 months

unauthorized calls are in file and might be used against you in court.

Legal service courtesy of FIRST/CERT



sorry if we ruined your day...



Connection closed by foreign host.





V.      Modem Ports

===================



Also, every board on x.25 should have a direct modem dialup (and I guess

every board does!  The dialup for Lutzifer wasn't public, but it had one!)

You need to have a modem at least for uucp polling of news and mail.

If you are running UNIX, you don't need one of those really expensive

'intelligent' cards like DigiBoard for $1000.  But make sure you have

a 16550 chip on your I/O controller or you won't be happy.  A pretty good

deal are AST compatible cards with 4 ports.  You can get them for $60 if

you are lucky.  They just use one IRQ for all 4 ports and let you select

the IRQ and the base addresses.  This is pretty convenient, because it

is even more likely to get an IRQ conflict under UNIX than under DOS.

Try to get a card with 16550's on it, or one that has sockets that let

you replace the old 16450's or whatever with 16550's, without playing

with your soldering iron.  If you buy 16550's, try to get the original

NS (National Semiconductor) ones: NS16550AFN; Texas Instrument's aren't

as good.



Then you should get a good serial port driver like the excellent FAS 2.10.

It is quite flexible with default drivers for AST compatible and standard

I/O cards, supports speeds up to 115,200 bps, and supports both incoming

and outgoing calls on the same line very well.  It only works with System V

though.



I can't help smiling when people tell me about their ElEeT WaR3Z boards

running on DOS and Novell with a separate PC for each node.  With the

configuration mentioned above, you can easily have 4 or 8 high speed modems

with a host speed of 57.600 connected to a single 386 PC and no performance

loss.





Email me for information or accounts, or just send me love letters :)

sec@g386bsd.first.gmd.de.



by Seven Up (damiano @ irc)


Manifest
Le but de ce site est de mieux comprendre la sécurité informatique.
Un hacker par définition est une personne qui cherche à améliorer les systèmes d'information dans le seul et unique but de contribuer à la stabilité de ces systèmes!
La croyance populaire laisse entendre que les hackers sont des pirates.
C'est vrai. Mais il y a différents types de pirate.
Tout comme il y a différents types de personnes.
Les bavures courantes auxquelles on pense lorsqu'on évoque le terme de pirate informatique
seraient les hacks de compte msn, ordinateurs lâchement trojantés avec des exploits déja tous faits
et encore peut-on classifier en tant que hack le fait de spammer
alors que depuis plus de 15 ans des scripts déja tous faits le font déjà extrèmement bien?

Ce ne sont pas des hackers qui font ça!!!
Nous appelons ces gens des lammers! Quand ils sont mauvais,
ou des black hat lorsqu'ils sont doués dans la mise en application de leurs méfaits.
Aucun amour propre - Aucune dignité
Agissent par dégout, vengeance ou simple plaisir.
Les raisons peuvent être nombreuses et je ne prétends pas devoir juger qui que ce soit.
Je pense juste que l'on ne doit pas utiliser l'épée de fly pour commettre des injustices.
Il est 100 fois plus profitable d'améliorer un système que de marcher sur un château de sable... même si marcher sur un château de sable est rigolo :P
A vous de trouver votre amusement. ;)

Tu peux réagir sur la shootbox


Disclaimer Veuillez lire obligatoirement les règles ci-dessous avant de consulter ce site. Conformément aux dispositions des différentes lois en vigueur, intrusions et maintenances frauduleuses sur un site, vol et /ou falsification de données. Vous ne devez en aucun cas mettre en application les stratagèmes mis en place par ce site, qui sont présentés uniquement à titre d’éducation et de recherche dans le domaine de la protection de données. Vous ne devez en aucun cas utiliser ce que vous aurez découvert, sauf si vous avez une autorisation écrite de l’administrateur d’un site ou que celui-ci vous ai ouvert un compte uniquement pour la recherches de failles. Tout cela est interdit et illégal ne faites pas n'importe quoi. Vous acceptez donc que l'administrateur de ce site n'est en aucun cas responsable d'aucun de vos actes. Sinon quittez ce site. Vous êtes soumis à ce disclamer. ET A CE TITRE, NI L'ADMINISTRATEUR, NI L'HEBERGEUR, NE POURRONT, NI NE SERONT RESPONSABLE DE VOS ACTES.