Hacking Platform

HackBBS.org is a community that maintains and evolves a system of vulnerable services.

We learn collaboratively how to exploit techniques that subvert information systems.
This learning lets us improve the technologies we use and/or better understand social engineering.

We stand for mutual help and personal challenge, and we modestly contribute to making the end-user experience as pleasant as possible.

You can meet us on our IRC channel.
The forum is being replaced by a more modern version that is just as fallible as the old one ^^.
To date we have recorded several dozen successful hacks against our site, and that figure keeps changing. Thanks to all the contributors!

The redesign is in alpha. This new platform lets you pentest remotely without having your own hardware at hand.
By running Python scripts connected over WebSocket to the web UI, we can drive the loading of
"multiplayer" attack/defense scenarios ^^.
The system can load scripts from shared libraries and encrypt exchanges depending on the modules deployed.
In the articles section you will find many tutorials to help you better understand computer security,
as well as various more advanced articles.
Hacker
  • Sniffing
  • Cracking
  • Buffer overflow
  • Exploit development
  • Social engineering
  • Anonymity on the web, spoofing
  • Proxy bypass, firewall bypass
  • Code injection: SSI, SQL, etc.
  • Using exploits, writing scripts (PHP, IRC, Perl)
We recommend sniffing your network while you browse the site. The redesign will give you tooling to carry out your attacks/defenses.
Challenges
You can also take part in many challenges, which are renewed constantly (if possible :p)
Lately, the missions based on recent open-source products have been popular :)

Your ultimate challenge will be to deface HackBBS. Many vulnerabilities are present. It is up to you to find them and exploit them.

This final test will show how you react when faced with a vulnerability.
Black or White? ^^

Current ezine: p23-10.txt
                                ==Phrack Inc.==

                     Volume Two, Issue 23, File 10 of 12

                In The Spirit Of The Vicious Circle Trilogy...
                             Phrack Inc. Presents

                   *****************************************
                   ***                                   ***
                   ***        Big Brother Online         ***
                   ***                                   ***
                   ***     by Thumpr Of ChicagoLand      ***
                   ***                                   ***
                   ***           June 6, 1988            ***
                   ***                                   ***
                   ***  Special Thanks To Hatchet Molly  ***
                   ***                                   ***
                   *****************************************

The United States Government is monitoring the message activity on several
bulletin boards across the country.  This is the claim put forth by Glen L.
Roberts, author of "The FBI and Your BBS."  The manuscript, published by The
FBI Project, covers a wide ground of FBI/BBS related topics, but unfortunately
it discusses none of them in depth.

It begins with a general history of the information gathering activities of the
FBI.  It seems that the FBI began collecting massive amounts of
information on citizens that were involved with "radical political" movements.
This did not begin during the 1960's as one might expect, but rather during the
1920's!  Since then the FBI has amassed a HUGE amount of information on
everyday citizens... citizens convicted of no crime other than being active in
some regard that the FBI considers potentially dangerous.

After discussing the activities of the FBI Roberts jumps into a discussion of
why FBI snooping on BBS systems is illegal.  He indicates that such snooping
violates the First, Fourth, and Fifth amendments to the Constitution.  But he
makes his strongest case when discussing the Electronic Communications Privacy
Act of 1987.  This act was amended to the Federal Wiretapping Law of 1968 and
was intended to protect business computer systems from invasion by "hackers."
But as with all good laws, it was written in such broad language that it can,
and does, apply to privately owned systems such as Bulletin Boards.  Roberts
(briefly) discusses how this act can be applied in protecting *your* bulletin
board from snooping by the Feds.

How to protect your BBS:  Do NOT keep messages for more than 180 days.  Because
the way the law is written, messages less than 180 days old are afforded more
protection than older messages.  Therefore, to best protect your system, purge,
archive, or reload your message base about every 150 days or so.  This seems
silly but will make it harder (more red tape) for the government to issue a
search warrant and inform the operator/subscriber of the service that a search
will take place.  Roberts is not clear on this issue, but his message is stated
emphatically... you will be better protected if you roll over your message base
sooner.

Perhaps the best way to protect your BBS is to make it a private system.  This
means that you can not give "instant access" to callers (I know of very few
underground boards that do this anyway) and you can not allow just anyone to be
a member of your system.  In other words, even if you make callers wait 24
hours to be validated before having access you need to make some distinctions
about who you validate and who you do not.  Your BBS needs to be a PRIVATE
system and you need to take steps to enforce and proclaim this EXPECTED
PRIVACY.  One of the ways Roberts suggests doing so is placing a message like
this in your welcome screen:

     "This BBS is a private system.  Only private citizens who are not
     involved in government or law enforcement activities are authorized
     to use it.  The users are not authorized to divulge any information
     gained from this system to any government agency or employee."

Using this message, or one like it, will make it a criminal offense (under the
ECPA) for an FBI Agent or other government snoop to use your BBS.

The manuscript concludes with a discussion of how to verify users and what to
do when you find an FBI agent using your board.  Overall, I found Roberts' book
to be moderately useful.  It really just whetted my appetite for more
information instead of answering all my questions.  If you would like a copy of
the book it sells for $5.00 (including postage etc).  Contact:

                                THE FBI PROJECT
                                   Box 8275
                             Ann Arbor, MI  48107

Visa/MC orders at (313) 747-7027.  Personally I would use a pseudonym when
dealing with this organization.  Ask for a catalog with your order and you will
see the plethora of anti-FBI books this organization publishes.  Undoubtedly
the FBI would be interested in knowing who is doing business with this place.
The manuscript, by the way, is about 20 pages long and offers references to
other FBI expose' information.  The full citation of the ECPA, if you want to
look it up, is 18 USC 2701.

Additional Comments:  The biggest weakness, and it's very apparent, is that
Roberts offers no evidence of the FBI monitoring BBS systems.  He claims that
they do, but he does not give any known examples.  His claims do make sense
however.  As he states, BBS's offer a type of "publication" that is not read by
any editors before it is "published."  It offers an instant form of news and
one that may make the FBI very nervous.  Roberts would do well to include some
supportive evidence in his book.  To help him out, I will offer some here.

      *  One of the Ten Commandments of Phreaking (as published in the
         famous TAP Magazine) is that every third phreaker is an FBI agent.
         This type of folklore knowledge does not arise without some kind of
         justification.  The FBI is interested in the activities of phreakers
         and is going to be looking for the BBS systems that cater to them.  If
         your system does not, but it looks like it may, the FBI may monitor it
         just to be sure.

      *  On April 26, 1988 the United States Attorney's Office arrested 19
         people for using MCI and Sprint credit card numbers illegally.  These
         numbers were, of course, "stolen" by phreakers using computers to hack
         them out.  The Secret Service was able to arrest these people by posing
         as phone phreaks!  In this case the government has admitted to placing
         agents in the field who pretend to be one of us.  Watch yourself out
         there, the success of this "sting" will only mean that they will try
         it again.  Be wary of people offering you codes.

      *  In the famous bust of the Inner Circle and the 414s, the FBI monitored
         electronic mail for several months before moving in for the kill.
         While it is true that the owners of the systems being hacked (Western
         Union for one) invited the FBI to snoop through their files, it does
         establish that the FBI is no stranger to the use of electronic
         snooping in investigating crimes.

Conclusion:  There is no reason to believe that the government is *not*
monitoring your bulletin board system.  There are many good reasons to believe
that they are!  Learn how to protect yourself.  There are laws and regulations
in place that can protect your freedom of speech if you use them.  You should
take every step to protect your rights whether or not you run an underground
system.  There is no justification for the government to violate your
rights, and you should take every step you can to protect yourself.

I have no connections with Roberts, his book, or The FBI Project other than
being a mostly-satisfied customer.  I'm not a lawyer and neither is Roberts.
No warranty is offered with this text file.  Read and use it for what you think
it is worth.  You suffer the consequences or reap the benefits.  The choice is
yours, but above all stay free.

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\*///////////////////////////////////////




Manifesto
The purpose of this site is to better understand computer security.
A hacker, by definition, is a person who seeks to improve information systems with the sole aim of contributing to the stability of those systems!
Popular belief has it that hackers are pirates.
That is true. But there are different kinds of pirate.
Just as there are different kinds of people.
The usual misdeeds that come to mind when the term "computer pirate" is mentioned
would be hacked MSN accounts and computers cravenly trojaned with ready-made exploits,
and can spamming even be classified as a hack
when ready-made scripts have been doing it extremely well for more than 15 years?

It is not hackers who do that!!!
We call these people lamers when they are bad at it,
or black hats when they are skilled at carrying out their misdeeds.
No self-respect - No dignity
They act out of disgust, revenge or simple pleasure.
The reasons can be many, and I do not claim the right to judge anyone.
I simply think that one must not use Fly's sword to commit injustices.
It is 100 times more rewarding to improve a system than to stomp on a sandcastle... even if stomping on a sandcastle is fun :P
It is up to you to find your own amusement. ;)

You can respond on the shoutbox


Disclaimer: You must read the rules below before consulting this site.
In accordance with the provisions of the various laws in force: fraudulent intrusion into and fraudulent continued presence on a site, theft and/or falsification of data.
Under no circumstances may you put into practice the stratagems set out on this site, which are presented solely for education and research in the field of data protection.
Under no circumstances may you use what you have discovered, unless you have written authorization from a site's administrator or the administrator has opened an account for you solely for vulnerability research.
All of this is forbidden and illegal; do not do anything reckless.
You therefore accept that the administrator of this site is in no way responsible for any of your actions. Otherwise, leave this site.
You are bound by this disclaimer.
AND ON THAT BASIS, NEITHER THE COMMUNITY, NOR THE ADMINISTRATOR, NOR THE HOSTING PROVIDER CAN OR WILL BE HELD RESPONSIBLE FOR YOUR ACTIONS.