Plateforme de Hacking

HackBBS.org est une communauté faisant évoluer un système de services vulnérables.

Nous apprenons à exploiter de manière collaborative des solutions permettant de détourner les systèmes d'informations.
Cet apprentissage nous permet d'améliorer les technologies que nous utilisons et/ou de mieux comprendre l'ingénierie social.

Nous défendons les valeurs de l'entraide, du challenge personnel et contribuons modestement à rendre l'expérience des utilisateurs finaux la plus agréable possible.

Vous pouvez nous rencontrer via notre salon irc.
Le forum est en cours de remplacement par une version plus moderne, et tout aussi faillible que l'ancien ^^.
A ce jours nous enregistrons plusieurs dizaines de hack réussi contre notre site, et ce chiffre est en constante évolution. Merci a tous les contributeurs!

La refonte est en version alpha. Cette nouvelle plateforme permet de pentester à distance sans avoir son matériel à disposition.
Via l'exécution de scripts python connecté en websocket à l'ihm web, nous pouvons piloter le chargement de scénario
d'attaque/défense en "multijoueur" ^^.
Le système permet de charger des scripts de bibliothèques partagées et de chiffrer les échanges selon les modules déployés.
Vous trouverez dans la rubrique article de nombreux tutoriels afin de mieux comprendre la sécurité informatique,
ainsi que différents articles plus poussés.
Hacker
  • Sniffing
  • Cracking
  • Buffer overflow
  • Créations d'exploits
  • Social engineering
  • L'anonymat sur le web, spoofing
  • Bypass-proxy, Bypass-firewall
  • Injection de code SSI, SQL, etc...
  • Utilisation d'exploits, création de scripts(php, irc, perl)
Nous vous recommandons de sniffer votre réseau lors de votre navigation sur le site. La refonte vous fournira un outillage pour réaliser vos attaques/défenses.
Flux RSS

flux RSS d'HackBBS Abonnez-vous. Soyez prévenu des tournois, challenges, actualités, ...
Recevez nos dernières actualités sur notre flux RSS.



Challenges
Vous pourrez également participer à de nombreux challenges en constant renouvellement (si possible :p)
Dernièrement, les missions relativent aux derniers produits open sources marchent bien :)

Votre ultime challenge sera de défacer HackBBS. De nombreuses failles sont présentes. A vous de les trouver et de les exploiter.

Cet ultime test permettra de constater votre réactions face à une faille.
Black ou White? ^^

Ezine du moment: sysf02.txt
     s   y   s   t   e   m      _ ____
_   __  ________  _   ___   _____\\  /_   _____________________
     ___\      /___ _   _ ___\__/     //_ _ _______ ____ _    //_________
   _\\__        __//___   _//_  \__  /_ ___\\     /_\  //_____ ____     /
       |________\   /_____\      _//_ |_   \_    __//   _____/_\  /_   //__
 _ ______   /_____________\ ______\   _//_   _____\    \\_   ____  /_ _   //_
        //______  /_____/    _\\______| _____\  /_______\/___ |/____//__    /_
               //___________________________________        /________   \ _
                                                   //__________     /____\\
                                                              //___________
Ŀ
                          System Failure: Issue #2                          

Flap. Here's the second issue. I decided to release it right after the first
one so I could make up for all the time I wasted prior to the first issue, and
so we'd have two issues out before DefCon. From here on out, I'm going to try
to release one issue per month, with the target release date being the first
weekend of each month. Our website is also up and under construction, so check
it out and tell us what you think. Comments, suggestions, and flames may now
be addressed to system.failure@usa.net, where it will be forwarded to the
editorial staff. If you wanna chat with us, find us on #rock or #peng on
either DALnet or EFnet. We should be setting up #sysfail on both nets soon
too, so come visit us or something. Thanks to Martz for the opening ASCII.
Now, on with the issue.
                                                         --Logic Box [7/10/97]
Ŀ
                   http://www.penguinpalace.com/sysfail/                    
                         [system.failure@usa.net]                           

                        We the people
                        The poor the disgruntled the median
                        Who shall never rise or fall
                        Regardless of our work
                        Shall rise as one voice
                        Through many skilled hands
                        Joined by wire and fiber
                        Joined by a common greed
                        Our restless yearnings
                        Show our displeasure
                        And rip apart the system
                        The system failure
                        Broken and molested
                        By the creators and
                        Those in their place
                        We can do it too
                        Rape the system failure
                        System Failure

                          --Pinguino
Ŀ
                                  CONTENTS                                  
                                                                            
 WorldVox: Helping Us to Talk for Free                         by Colaytion 
 How to Get Free Pre-Paid Calling Cards                         by vel0city 
 Ma Bell is Watching You!                              by Kenshiro Cochrane 
 DMV ID Scamming                                                 by Insight 
 Prima Via: The Path of Personality                               by Andrax 
 The Mind of the Phone Phreak                                  by Mr. SoniK 
 Mervyn's: The Cash Cow                                        by Splatessa 

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
                     WorldVox: Helping Us to Talk for Free
                   by Colaytion (civilwarfreak@hotmail.com)
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
        So, you've been assigned the task of setting up a teleconference for
all your lamer friends, and you don't want to haul your ass out into the cold
night to find a COCOT to make it? Until this really lame-ass company came
around, that's what you had to do. However, with the increased drug use in the
US and the degredation of our schools, a new crappy company has decided to
make it easier for us to rip people off.

        Enter WorldVox, the company that will make it easier for businesses to
get togther and solve problems. They came up with the great idea of letting
these companies set up their confs over the Internet. All you need is a credit
card, and you're set. So, now, how would one of us go about setting up a conf
for our own use, without paying for it? Read on, my friend.

        Point your web browser to the ANONYMIZER! I know two lamers (Havok_
and Phrax) who made the mistake of setting up the conf from home without the
Anonymizer, that we all exploited. If you aren't setting up the conf from
home, then forget the Anonymizer, who cares. Once you get to WorldVox, click
the link entitled SCHEDULE. Now, this next step is VERY important. Set the
date for your conf for FEBRUARY 31 1997. Yes, that is FEBRUARY 31 1997, once
again, FEBRUARY 31 1997. If you skip this step, the conf won't get set up.
Trust me, I tried it. Enter the rest of the information (i.e. time to start,
time zone, duration, number of callers, etc.) with the CORRECT INFORMATION
that you want for your conf. So, all the info is correct EXCEPT for the date.
Then, click the "Check Availability" button. It should take you to another
page, and call you an idiot for putting in a date that's already passed.

        Now, on this page, change the date to the CORRECT DATE THAT YOU WANT,
and hit "Check Avaliability" again. Now, pick one of the numbers that come up
in the box. Don't worry about them not being 800 numbers, we'll take care of
that later. Now, enter all your perfectly legitimate and legal credit card
information, and your real name and email address. :)  Then click, the "I
agree. Reserve the call" button. Now, your conf is reserved, and a little page
should pop up (you may have to wait 1-2 minutes for this) and give you all the
information you need. Then click the "Finish/Show Receipt" button, and you're
set!

        Calling the conf is a little different. You need two people to set it
up.  These two people call (one person actually making a legitimate long
distance call, or with a calling card or redbox), the phone will keep ringing
for this first person until the second person calls. The second person should
make a collect call (using OCI) to the conf number. When the first person
hears his end stop ringing, answer normally with:

You : Hello, you big black negro.
Oper: Hello, this is Kevin from OCI with a collect call from Farmer Stinky
      Thumbs Arbukle.
You : Yeah, I want to talk to that nigger, put him through!
Oper: Ok, one moment sir... by the way, would you care to go out on a date?
You : Kevin, put him through you, gay faggot.
Oper: Do you think he's interested?
You : Hell no.
Oper: Go eat your mother's bloody tampon, and thank you for using OCI!

        Anyway, you two are now on the conf. Get a third buddy to call
collect. When the operator calls, you'll hear one ring, then the conf
automatically answers. Say "hello," and make sure only ONE of you answers, or
the op will hang up. Now that three of you are on the conf, whoever called
without using OCI can now hang up and call back collect. You must keep at
least two people on at all times to keep the conf alive. So, if you'll notice,
all of our calls are being paid for by our good friends at WorldVox!

        Even though you may set the duration to 3 or 4 hours, these confs
don't die at the time they are supposed to. The longest I have ever been on
one is probably 7 hours. I don't think we've ever used one until it died.

        So, there you go. You can set up a conf for everyone right over the
Internet, right from the comfort of your own room. The best thing is, everyone
will think you are one great guy for going out and setting up a conf in the
middle of the night. Have fun!

THE ANONYMIZER:  http://www.anonymizer.com/            (Whoa, tricky guys!)
WORLDVOX:        http://www.worldvox.com/              (You coulda guessed)
OCI:             A collect call company to rip off     (1-800-288-2880 ext 0)
KEVIN:           A gay operator who works for OCI
HAVOK & PHRAX:   Two lamers who didn't anonymize when setting up confs
COLAYTION:       The l33t-o guy who wrote this article

[Editor's Note: Just recently, WorldVox began to catch on to our nightly abuse
of their services, and they apparently busted in on an illegal conf one night
to tell all those involved that they were being busted. They changed their
webpage accordingly (for a day) to inform their customers about the "hackers"
(either that or someone hacked the page... no one really knows), naming
several who were supposedly getting busted. If you want to see what the
WorldVox webpage looked like at the time, I put up a mirror of the site at
http://linux.slackware.org/~logic/worldvox.html. As of now, they seem just as
oblivious as before, and we've been romping freely about their system and
abusing their services as usual. --Logic Box]
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
                    How to Get Free Pre-Paid Calling Cards
                by vel0city (vel0city@dogbert.phoenixnet.com)
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
        I was supposed to have an article in System Failure #1 but I didn't
get around to writing one... so I'll make up for it with this horrible
article. I got this idea amazingly enough while on a payphone at a gas station
We've all seen those pre-paid calling cards. They range from five to one-
hundred dollars. Well, in this article I'll describe a method to retrieve
these cards free.
	
The things you'll need are:
        a) A payphone
        b) Someone's credit card number, expiration date, and name
        c) A gas station that sells these cards
        d) Clothes (I ran out of things you need)

How to do it:

	Ok, you put on your clothes (as mentioned above). Then you go to a
payphone, preferrably near the target gas station. You then call up the gas
station, and hopefully the employee will pick up. A typical conversation will
go as follows:

You: HI! This is Pablo. I'm from out of town, and I really need one of them
     there pre-paid calling cards.
Him: Well sir, we have them here, so just come on in and buy one.
You: Uhm I just said I was in a rush. So I'm gonna give you my credit card
     number and all that poop and I want you to charge two 20-dollar pre-paid
     calling cards to my Mastercard account. Is that ok with you?
Him: Uhh.. well, yeah, I guess there isn't a problem with that.
You: Ok, well, as I mentioned, I'm in a rush so I'm gonna get my son (or
     daughter, whatever you happen to be) to run in and get it.

        Then you casually walk into the store and pick up the calling cards,
telling them you are the son or daughter.

       --vel0city
  "is it nap time yet?"
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
                           Ma Bell is Watching You!
                   by Kenshiro Cochrane (kcochran@peak.org)
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
I got this from the local fone company. When I get a chance, I will scan it so
you can all see the cool and cheesy pictures.

FRAUD: IT CAN HAPPEN TO YOU
---------------------------
Calling card thieves don't care where you live or where you travel. Anyone
with a calling card can be vulnerable to their schemes. Once these thieves get
your secret number, they could charge thousands of dollars to your account
within a few hours. Here are some of the latest schemes to watch for:

   [These are the latest schemes? I thought these were rather old...]


"Shoulder Surfers" peer over shoulders to watch callers dial or stand close by
to listen to callers give operators their calling card numbers. These thieves
will often pretend to be waiting for the phone to cover the reason why they
are there... to steal your card number!

   [Time to get paranoid... We're watching you!]

What To Do: Always block the view of your card and the keypad, or use a card-
reader phone. Never say your secret card numbers if a stranger is nearby. It
is better to hang up and call back later from a different phone.

   [And piss the operator off so she sends security to your fone for hanging
    up on her :)]


"Dumpster Divers" wade through trash cans to find old cards or discarded bills
with calling card numbers on them.

   [Wouldn't that make them can divers?]

What To Do: Watch what you throw away. Cut up old cards and bills before
discarding them, making sure any calling card numbers are no longer
discernible.

   [Elmer's Glue can fix anything!@#]


"Investigators" call you directly, posing as law enforcement officials
investigating fraud. They will ask you for your calling card number for
verification purposes and may even threaten to disconnect your service if you
do not cooperate.

   [Is this social engineering??]

What To Do: NEVER give your calling card number to someone who calls you, no
matter how legitimate he or she may sound. Your phone company and long-
distance provider would NEVER have to call you for such information, and
neither would an investigator.

   ["AT&T, may I have your calling card number to complete your call?"  "I
    don't believe you are really the operator. If you were, you wouldn't need
    my number. It says so right here on this paper I got from my phone
    company!"]


Help in the fight against these criminals! Guard your calling card number. If
you believe your calling card has been compromised, contact your local
telephone company immediately!
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
                               DMV ID Scamming
                        by Insight (pyre@pacbell.net)
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
                            ,                              ... .          g
            ggggg a  ,    ,d$b,   ,dli;' ggggg a a        llii; ;    gg@$ $;
     a ggg,d$P'    ggggg a$$ ,di;'  d&liYb,d        gggg$;   ,d$$P'g$
      ~"Y$$ggg a  d$gggg,   $i;;`Y$;,  Y$li;' '`          $$$  ,d$$P'  $$;
     '.,dli;'' ' d$i; `Y$;; Y    `Yli;,`Yb,_  ,di;';     g,$$$  `Y$$b,  
        $$i;   ,d$i; ,  Y$li;, _  ,d$i;'  `Ylii;; ,,'     $$$ggg    
     ' ''`` `              a gg
                            i; ,                    fake - id

First things first: NEVER get caught doing ANYTHING wrong with this ID on your
person.

Ok, now on with the scam. What I did is quite simple.

1) You must find a person, preferrably a friend, that has a Driver's license,
   and has NEVER been issued an ID card (this is very important; if he/she has
   been issued both, then the DMV will just send a new ID to the address on
   record, and will not take your picture).

2) You must have his/her S.S. card and birth certificate (these must be the
   originals, or they will not accept them).

3) Make sure you know the basic information on the S.S. card and birth
   certificate, so when the bitch at the counter asks you a question, you can
   answer.

4) Go to your local DMV and say "hi, I lost my ID card and need a new one," or
   something to that effect. The DMV bitch will take some info, photocopy the
   S.S. card and birth certificate (the ones you "borrowed"), and you'll hand
   over the $ (it was $8 last time I checked).

5) You will then have your picture taken. NOTE: they will also take a
   fingerprint (this is why your friend CAN'T have an ID card beforehand,
   because the fingerprints will mismatch... a driver's license is ok).

6) Now the wait. In about 3-4 weeks, the backwards-ass motherfuckers will send
   your new ID to your friend's house. If your friend doesn't know you're
   doing this, then you have to "intercept" the mail. If he does know it, then
   just wait till he calls you, and pick up your ID.

7) That's all... happy drinking/smoking.

..:: text by insight // AiS (oh unf unf unf)
..:: really quick ascii by blk_jack // remorse (muh bed buddy )
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
                      Prima Via: The Path of Personality
             by Andrax (e-mail system.failure@usa.net to contact)
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
	Wholeness (pardon the pun) is a universal concept. There are an
infinite number of possibilities to finding some way to attain it. Some fold
themselves again and again, causing everything to rest on themselves never
guessing, or discovering, that they aren't exactly as they see themselves.
Some take a much more difficult road. The way of self-realization is the way
of much pain. To deviate from normally and what you've been told is right, and
find what the lies all mean, go deeper into life than your examples, and find
your truth; that's the most difficult feat of self possible. This is the
ultimate road, Prima Via.

Step One: Thought
	A common misconception in society is that people who can think do.
Not even a little bit. Television, radio, word-of-mouth, books, and recently
the internet all gear us towards simplistic reaction in place of rational
thought. We learn from a very young age what society wants from us, and from a
very young age we begin to conform. The Prima Via requires that you know why
you react to things the way you do. The only way to go about finding yourself
through your actions is to learn how to think. It's much harder than it
sounds.

        You have to get around the conventional process. It's not you thinking
if you don't know why something is taboo. I'll use an extreme example now. If
you have a fleeting thought about raping, beating, and killing a 4-year old,
and then suddenly recoil at it just because everyone and everything other than
you would disapprove of such a thought, you're not thinking at all. If you
actually know why it is that this thought is bad for you, and can fully
explain it in a self-supporting statement, then you can think. Let's complete
the example. Thinking about raping, beating, and killing a 4-year old is not
within the best interests of my retaining sanity and sanctity of mind. If I
allow myself to think this thought often enough, I may begin to believe I want
to act upon it, as the mind is quite plastic and prone to reprogramming. If I
act upon this thought, I will damage the child's mind, damage the child's
body, damage the child's parents, and damage myself. There is no obvious gain
from such an action, therefore it is wanton destruction, and detrimental to
systematic efficiency. Since efficiency is the path of least resistance, it
allows you to grow more quickly in the areas you wish to augment.

        Being more than you used to be is the way of cycle, and cycle is the
one definite and constant found in nature. Start minimal, become more, get
larger, move faster, plan better, go further, and eventually, all the things
you gained into yourself over your growth is given to those who are just
beginning the process, causing efficiency on a grander scale. By stunting the
child, parents, and self, you destroy someone's growth who came before, and
cause much inefficiency for the future, adding to non-thought and
anti-personality. All negativity is self-negativity.

Step Two: Self-Awareness
        Again, something that seems obvious... seems like everyone already has
this. Again, no. Wrong, zonk, bleh, hahaha, not. Self-awareness is actually
knowing yourself. You are not only familiar with your habits, but can
accurately predict your own actions and know why. You know what you would do
if presented with the idea of, oh... say, selling your soul, which you may
not even believe in, for a billion dollars, or an even more popular recent
example: one million dollars for one night with your betrothed, or wedding
partner. If you say, "I would NEVER!" and you really don't care, you're just
reacting to what you think you should say because you're part of "civilized
society" and think that's what I want to hear, and you're just full of shit.

        You have to know your reasons for the things you do. If I feel like
stealing some food from the grocery market, and I go ahead and act upon that
feeling, I'd damned-well better have given myself a good reason. It goes
against my not wanting more problems to arise from non-thinkers, who like to
have the power to cause thought patterns in others that are beneficial only to
them specifically, that are looking for a good scapegoat to accuse thought of
"being bad for you" as an exemplary measure. That would be bad, arming the
enemy. Something that would be more important would be, say, eating at least
once a week. First though, I would ask for food. Because I would be nice
enough to give to others, I have to assume they are nice too. So, in order
for me to steal, the victim would have to have wronged me morally in some way
after I was already extremely desperate and pitiful.

	In other words, my life would have to be in the balance and you would
have to be my last resort--on top of wronging me outright--before I would
steal something from you. Why? I already told you, businessmen: one who does
not know themselves is always second-guessing themselves, looking for some
kind of leader to make their decisions for them. That trait is what causes all
misery. The one who does not know themselves only knows that they're harrying
pain, not where it is or why, and they need someone else to fix it. This is
not to say that needing others is bad, because a need for others does quite a
bit to secure even the strongest of minds against those who would damage it
for their own purpose.

Step Three: Believing in Reality
	"Well, duh!" you say. Nope. Reality, regardless of anything you want
to explain it as, is indirect of the stimuli you perceive it through. You see
colors with your eyes, they distinguish between an itty-bitty little segment
of the electromagnetic spectrum. Every color you see is simply the one
wavelength blend that the object being seen doesn't absorb... reflected light,
a very weak source of information. The tools we use to see this information
are incredibly flimsy as well. A round lake of semi-gelatinous liquid laced
with opaque random tubes and a stretchy near-circular expanding hole over the
oddly-shaped finger-nail material lens form the apparatus. The collection
system is thousands of randomly-placed receptacles of two distinct kinds
connected by "wires" to the exact center of your viewscreen, where there's
absolutely no receptacles because the wiring takes up too much space, so the
whole contraption jiggles around at extremely high speeds in order to share
out this "blind spot."

        BUT, your eyes can't see anything while they're moving, so you're only
seeing what you're looking at about 20% of the time. The rest is spent in
blindness. All of this is wired into an ultra-powered haphazard computer that
SHOULDN'T work. It really is a wonder, all that work and effort for one
sensory organ.

[Editor's Note: This is actually one of Andrax's earlier writings. It ends at
this point and was never finished by Andrax. Sorry bout that. It's still
pretty cool though. :) -==-]
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
                         The Mind of the Phone Phreak
                       by Mr. SoniK (zigy@teleport.com)
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
        Have you ever wondered why some people have so much fun being phone
phreaks? I always kinda wondered what it was that people found so neat about
telephones, then I eventually got more and more into phreaking and it became
really interesting to me and I wanted to learn more about it. I've read tons
of text files dating back to the late seventies that talk about phone
phreaking, and that's where I learned mostly everything I know, including what
I am writing about.
	
        So you've read stuff about phreaking and it sounded pretty cool how
you could get free phone calls and exploit the phone company to your
advantage, but it never occured to you why some people have so much fun doing
it? That's why I have decided to write an article about why some people have
decided to become phone phreaks.

        So you think that the people who call themselves "Phone Phreaks" are
the badass Gen-X type kiddies who can do anything on phones and computers?
Well, think again--phreaking has been around since the mid 60's, and is still
going strong. I'm almost sure that you've heard of a man by the name of
Captain Crunch (not the cereal box guy), who was a famous phone phreak from
the sixties. He got his name from a toy whistle that he got from a cereal box
that could produce the 2600Hz tone that was needed to blue box. Blue boxing
isn't about being able to make the free phone call to most phone phreaks; they
do it for the thrill of seizing trunks and stacking tandems and things like
that. Once a phreak succesfuly uses a blue box they will usualy find other
uses for their device or other ways to get a rush from it.  
	
        I suppose you think that a free phone call is no big deal... well, it
isn't really the thrill to most phreaks. Most phone calls that phreaks make
are to random numbers on the other side of the country or the world. Phreaks
get a kick out of calling people and asking them about weather in Virgina or
what their dog looks like (you get the idea). Alot of the calls that a phreak
is going to make are going to be fairly short, simply because they are testing
some equipment or techniques that they have shared with other phreaks that
they meet while on confrence calls and through voice bridge systems. More and
more, it becomes apparent that most phreaks are playing with Ma Bell just as a
hobby, not as a criminal career. Most of the time a phreak will build a box or
somthing just to see if it works before they take it apart to build somthing
else, or lose interest in it and move on to another toy they have heard of.

        If you have done some reading of text files or heard much about
phreaks, it may seem as if they have become quite destructive and criminal
over the years. The only reason for this is that Ma Bell has become offended
with the hobbies that some people choose and has decided to make the telephone
system more secure, in effect shutting out a lot of people from there favorite
thing to do. So, to explore, the phreaks have to turn to social engineering,
trashing, etc., in order to get the access to Ma Bell's "Underground" that
they desire. I hope that this article has shined a bit of light on the odd
hobby of phone phreaking, and helped you to understand why phreaks are the way
they are.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
                            Mervyn's: The Cash Cow
                       by Splatessa (scabba@c-zone.net)
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This started in 1994, when we realized that Mervyn's would give you up
to 20 bucks back for an (legally acquired or STOLEN, my preferred method)
item without a receipt. No ID needed, nothing but a fake signature on the
bottom of a printout. For the next two years of my life, I spent most of
my time in Mervyn's stores and sitting on my ass in my car. We continued
to drive up and down Interstates 5 and 90 and everything in between, and
collecting our 20 dollars per store. Sure, this was lucrative...but of
course we got greedy and wanted more. That is how we concocted this scheme....

FAKE RECEIPTS
-------------
Examining the receipts very carefully, we made it our next mission to
replicate them as well as we could. They are printed on a special roll
of paper, which is embossed with a MERVYN'S watermark on the back. These
rolls of paper are easily attainable; they're always behind the counter of
unmanned cash registers. Be sure to grab the "receipts" roll and not the
"log" roll, or you won't get the watermark and you'll have wasted your time.
If you can't tell the difference, i.e. they're not labeled, grab them all.
Best to use your opportunity getting the right one than none at all.

First we tried scanned receipts, which had about a 50% success rate. The
scanning and printing process leaves the receipt looking like it was either
photocopied, or that someone spilled water on it. Depends how idiotic your
sales person is, to know if they will accept it or not. This didn't work
as well as we would have liked, so we went to phase two: Creating Receipts.


CREATING RECEIPTS
-----------------
This process takes quite a bit of time, but in the long run, it is very
profitable. You'll need to use your graphics program (personally used Corel
Photo-paint) to make each of the letters and numbers on the receipt. Once
you have these fonts, you can piece your receipt together to say anything
you'd like!  If you're patient enough to get past this part, it's time to
go purchase something so you can have an actual receipt to work from. Make
sure to purchase whatever it is that you're planning on shoplifting, and
that you know you can get away with getting this item over and over again.
Think "small yet expensive". (Some favorites are leather belts, neckties,
children's clothing, pillowcases) BUY SOMETHING ELSE THAT YOU WON'T BE
RETURNING, SO YOU ARE GUARANTEED YOUR RECEIPT BACK. When you get your money
from the return, you'll be able to say "that has my dads birthday watch on
it and I don't know if he likes it yet" or whatever. Get creative. Take
your ACTUAL receipt to a nearby copy machine and make a copy of it to gather
information from, and then take those items you bought back to the store.
In doing this, you can see if the store has implemented any weird policies
about returning the specific item you're planning on returning over and over
again. Take your photocopy home and start working on the receipt...


EVERYTHING MUST LOOK REAL
-------------------------
If you're going to do a half-assed job anywhere, don't do it here. If it
doesn't look 100% real, don't bother using it.  ALSO BE AWARE that once
you have these fonts, they are virtually unsurpassed in usefulness. Lots
of companies still utilize the IBM 4863 computer cash register. You can
now make receipts for any store that does. Also, I've made fonts for
K-Mart, and another local store here in town. 


INVESTMENTS
-----------
For one dollar, at Mervyn's, you can buy a big-ass set of boxes to put
robes in. This in turn gives you a big-ass bag. I consider the one
dollar investment to get an actual bag from the store very worthwhile,
and a little more convincing. You can also use your boxes to return items in.


NO NEED TO SHOPLIFT
-------------------
Something else you can do, with your new found receipt making skill, is get
large items right out the door. The K-MART garden shop is always a good
target door. First, you need to get employee codes and make sure your
receipt says an employee who's NOT working. (explained later on) Make it
for about 3 hours before you arrive. Circle the item you're stealing on
your receipt and write EXCHANGED and scribble some initials. Then, when
exiting the Garden Shoppe door, show your receipt briefly to the guy picking
his nose by the cash register. He will let you go with no argument.
Lots of stores have tape that they put on large items to prove you've
purchased it rather than bagging it up. Mervyn's, however, just ties or tapes
a little Mervyn's bag to super huge items. Grab a handful of these tiny bags
and tape them to the things you want, and walk right out the door. (with
your receipt!)  Also, just pick up your items from the display and take
them to a register on the other side of the store. Drop them on the counter
and say, "man, I looked all over my car for a bag but I couldn't find one!"
and pull out your receipt. This has never failed. $$$$


AP LP AND CODE 217
------------------
If ANYONE CALLS for AP (asset protection) LP (loss protection) or extention
217 while you're doing something objectionable in Mervyn's, it's a good idea
to skip that whole store. A typical code would be 217 TO MEN'S, 217 TO MEN'S.
This means they want someone from asset or loss protection to call up the
men's department. It also means that it's likely that someone from AP or LP
is working at the time. They get off work at 6:30 PM, and are hardly there
when they're supposed to be. You can call Mervyn's and ask for ext. 217 to see
if anyone answer. "217 TO MEN'S, 217 to MEN'S" OR "217 call 302"  Go call 302
yourself, and find out what department it is. (yes, that's why those phones
are all over the walls of the store. For your convenience. USE THEM!
If you're IN the men's department, assume that the call is about you and get
the fuck out. Of course they can't arrest you unless you steal something, but
I suggest having the least amount of employees see you as possible. If 217
TO MEN'S is called while you're in the bedding department, cruise on over to
men's and listen in on the phone call. It's worth it to go out of your way
for valuable information.


#88 STORE INTERCOM
------------------
You sure as hell can divert any attention from you by having a friend come in
and pick up any of those phones located around the perimeter of the store,
and start calling LP over the intercom. They'll be so busy locating your
friend that they won't see you walk out of the store with a shopping cart
full of tablecloths...also fun to state in a calm yet serious voice "all
shoppers evacuate the store immediately" and while everyone's running out
the doors join them with an armload of stuff. 


TIGHT PANTS GUY
---------------
It's like, who the fuck wears long tight pants in the middle of summer?  Who
the fuck even wears tight pants these days anyway?  Answer: No one except
Mervyn's and various other stores Loss Protection Officers. If really tight
ball smashing pants come back into style, it will be hard to tell them from
the rest of the population, but as for now...if anyone wearing tight pants
and running shoes is even remotely interested in you, abort the operation.
Don't worry though, these guys aren't very smooth, and will make themselves
very obvious to you so you'll have ample opportunity to pretend like you
were just holding those women's bras (another "Small yet expensive", BTW)
down your pants for convenience. If tight pants guy actually sees you hide
something on your person without you noticing, he will go stand outside
the entrance he saw you enter through and wait. And wait. And wait.
Until someone radios to him "HEY HE'S GOING OUT THE OTHER DOOR!" By that
time you're in your getaway car and laughing while tight pants guy comes
sprinting around the corner to apprehend you.


RECEIPT LAYOUT
--------------
You'll need to determine yourself what the numbers on the top of the receipt
are for. I don't exactly remember what position they are in, but there
are numbers for 

Store Number
Employee Number
Register Number

You can make these determinations yourself by buying cheap shit from the
same register, but with a different employee, seeing which number changes
and which stays the same. I don't think I need to explain the process of
elimination to you. If I do need to, you shouldn't even attempt the
aforementioned scam.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Well, that's it for the second issue. DefCon V is right around the corner, so
look for us there and tell us how much you love/hate our zine. See you all in
Vegas!@#$
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-E-O-F-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-




Manifest
Le but de ce site est de mieux comprendre la sécurité informatique.
Un hacker par définition est une personne qui cherche à améliorer les systèmes d'information dans le seul et unique but de contribuer à la stabilité de ces systèmes!
La croyance populaire laisse entendre que les hackers sont des pirates.
C'est vrai. Mais il y a différents types de pirate.
Tout comme il y a différents types de personnes.
Les bavures courantes auxquelles on pense lorsqu'on évoque le terme de pirate informatique
seraient les hacks de compte msn, ordinateurs lâchement trojantés avec des exploits déjà tous faits
et encore peut-on classifier en tant que hack le fait de spammer
alors que depuis plus de 15 ans des scripts tous faits le font extrêmement bien?

Ce ne sont pas des hackers qui font ça!!!
Nous appelons ces gens des lammers! Quand ils sont mauvais,
ou des black hat lorsqu'ils sont doués dans la mise en application de leurs méfaits.
Aucun amour propre - Aucune dignité
Agissent par dégout, vengeance ou simple plaisir.
Les raisons peuvent être nombreuses et je ne prétends pas devoir juger qui que ce soit.
Je pense juste que l'on ne doit pas utiliser l'épée de fly pour commettre des injustices.
Il est 100 fois plus profitable d'améliorer un système que de marcher sur un château de sable... même si marcher sur un château de sable est rigolo :P
A vous de trouver votre amusement. ;)

Tu peux réagir sur la shootbox


Disclaimer Veuillez lire obligatoirement les règles ci-dessous avant de consulter ce site.
Conformément aux dispositions des différentes lois en vigueur, intrusions et maintenances frauduleuses sur un site, vol et / ou falsification de données.
Vous ne devez en aucun cas mettre en application les stratagèmes mis en place par ce site, qui sont présentés uniquement à titre d’éducation et de recherche dans le domaine de la protection de données.
Vous ne devez en aucun cas utiliser ce que vous aurez découvert, sauf si vous avez une autorisation écrite de l’administrateur d’un site ou que celui-ci vous ai ouvert un compte uniquement pour la recherche de failles.
Tout cela est interdit et illégal ne faites pas n'importe quoi.
Vous acceptez donc que l'administrateur de ce site n'est en aucun cas responsable d'aucun de vos actes. Sinon quittez ce site.
Vous êtes soumis à ce disclaimer.
ET À CE TITRE, NI LA COMMUNAUTÉ, NI L'ADMINISTRATEUR, NI L'HÉBERGEUR, NE POURRONT, NI NE SERONT RESPONSABLE DE VOS ACTES.