Plateforme de Hacking

HackBBS.org est une communauté faisant évoluer un système de services vulnérables.

Nous apprenons à exploiter de manière collaborative des solutions permettant de détourner les systèmes d'informations.
Cet apprentissage nous permet d'améliorer les technologies que nous utilisons et/ou de mieux comprendre l'ingénierie social.

Nous défendons les valeurs de l'entraide, du challenge personnel et contribuons modestement à rendre l'expérience des utilisateurs finaux la plus agréable possible.

Vous pouvez nous rencontrer via notre salon irc.
Le forum est en cours de remplacement par une version plus moderne, et tout aussi faillible que l'ancien ^^.
A ce jours nous enregistrons plusieurs dizaines de hack réussi contre notre site, et ce chiffre est en constante évolution. Merci a tous les contributeurs!

La refonte est en version alpha. Cette nouvelle plateforme permet de pentester à distance sans avoir son matériel à disposition.
Via l'exécution de scripts python connecté en websocket à l'ihm web, nous pouvons piloter le chargement de scénario
d'attaque/défense en "multijoueur" ^^.
Le système permet de charger des scripts de bibliothèques partagées et de chiffrer les échanges selon les modules déployés.
Vous trouverez dans la rubrique article de nombreux tutoriels afin de mieux comprendre la sécurité informatique,
ainsi que différents articles plus poussés.
Hacker
  • Sniffing
  • Cracking
  • Buffer overflow
  • Créations d'exploits
  • Social engineering
  • L'anonymat sur le web, spoofing
  • Bypass-proxy, Bypass-firewall
  • Injection de code SSI, SQL, etc...
  • Utilisation d'exploits, création de scripts(php, irc, perl)
Nous vous recommandons de sniffer votre réseau lors de votre navigation sur le site. La refonte vous fournira un outillage pour réaliser vos attaques/défenses.
Flux RSS

flux RSS d'HackBBS Abonnez-vous. Soyez prévenu des tournois, challenges, actualités, ...
Recevez nos dernières actualités sur notre flux RSS.



Challenges
Vous pourrez également participer à de nombreux challenges en constant renouvellement (si possible :p)
Dernièrement, les missions relativent aux derniers produits open sources marchent bien :)

Votre ultime challenge sera de défacer HackBBS. De nombreuses failles sont présentes. A vous de les trouver et de les exploiter.

Cet ultime test permettra de constater votre réactions face à une faille.
Black ou White? ^^

Ezine du moment: p31-02.txt
                                ==Phrack Inc.==
                Volume Three, Issue Thirty-one, Phile #2 of 10
                -*[  P H R A C K  # 3 1   P R O P H I L E  ]*-
                            -*[  June 1, 1990  ]*-
                               -*[Phz]*-
---[ Markus Hess ]---
   Recently the Phrack editors had the opportunity to talk to Markus Hess in
his tiny Hannover flat.  This special edition of the Phrack Prophile details
our conversation, as well as general background information about the German
Hacker.
   This Phrack Prophile is not in the same format as previous ones because of
the nature of the profile. In the next issue, we will reform back to the
orginal creator's format.
            AGE: 26
         HEIGHT: 5' 10"
     HAIR COLOR: BROWN
           EYES: BROWN
           FROM: Hannover, West Germany
PAST EMPLOYMENT: Software developer in Hannover.
         PEOPLE: Stephen Winero, Walu Holland (Other CCC members)
      STRENGTHS: AT&T Unix, VAX, SunOs and BSD os's

   Hess, most well known as the hacker who's exploits are detailed in
Clifford Stoll's _The_Cuckoo's_Egg_, "is as paranoid on the telephone as he
is on the computer."  Although he was very reluctant to talk to us, we did
manage to talk to him about hacking and _The_Cuckoo's_Egg_.
Ringing Hanover..
RING
RING
RING
ANSWERED
HESS: Hallo?
PHRACK: Is this Markus Hess?
HESS: Yes.
PHRACK: Do you smoke Benson & Hedges?
         (At this point we weren't sure it was actually him)
HESS: Yes, who is this?
PHRACK: We are calling from the USA, we want to ask you some questions.
        We talk to hackers in the USA.
HESS: I won't have anything to do with hackers anymore.  I have talked in
      court earlier this year.
PHRACK: Did you know you were in a novel about a hacker in the US?
HESS: Novel? Yes, I know of a novel.
PHRACK: Have you read the book?
HESS: Yes I have read the book.
PHRACK: Is it all true?  Is it all true?  Do you think Cliff lied or tried
        to exaggerate in the book?
HESS: Yes, I think so.
HESS: Yes, He lied.
PHRACK: Have you ever talked to Stoll?
HESS: I have talked to him, but not privately.  I don't want to talk about
      this.
PHRACK: Have you ever seen Cliff Stoll?
HESS: Yes I have seen him.
      (We might think this from the back of the book)
PHRACK: He's goofy looking isn't he?
HESS: goofy? I don't understand.
PHRACK: Anyway, so you think he lied in the book?
HESS: Yes, he lied.
PHRACK: What did he lie about?
HESS: I don't want to talk about this.
PHRACK: Okay, are you in the Chaos Computer Club?
HESS: No, I won't have anything to do with hackers any more.
PHRACK: Were you ever involved with them?
HESS: No.  I was not in it.
PHRACK: Do you know anyone in it [the CCC]?
HESS: Yes.  I really must go now.
PHRACK: Who do you know in it [the CCC]?
HESS: Stephen Winero.
PHRACK: Is that it?
HESS: I know Walu.
PHRACK: Hmm.  Are you being watched?
HESS: I think so.  I can not talk about this.
PHRACK: Were you scared of going to jail?
HESS: jail?
PHRACK: Prison, were you scared of going to prison?
HESS: I don't know.
PHRACK: What happened in your words at court?
HESS: In your words? I don't understand.
PHRACK: What happened in court?
HESS: I don't understand.
PHRACK: Forget it.
PHRACK: Do you still have your computer?
HESS: No. I don't have any computer here.
PHRACK: Did you think they were going to catch you?
HESS: No.  I knew nothing of it.
PHRACK: Has any other hackers tried to contact you in the U.S.?
HESS: No. You are the first to call.
PHRACK: So is it my understanding that Stoll lied in parts of the book?
HESS: Lied?  Yes he lied.
PHRACK: Why do you think he would lie?
HESS: I don't know.
PHRACK: Do you think he made you look destructive?
HESS: Yes.  He made me look mean.
PHRACK: Are you? Mean that is?
        (Chuckle)
HESS: No.  He made me look like I was a criminal.
PHRACK: Why did you do it Markus?
HESS: Do what?
PHRACK: Hack all over the network like that?
HESS: I cannot answer.
PHRACK: Do they call you a liar in court?
HESS: Yes.  They call me a liar.
PHRACK: What are you going to do now?
HESS: I don't understand.
PHRACK: Are you finished with hacking?
HESS: Yes, I have nothing to do with hackers.
PHRACK: Was someone helping you hack?
HESS: I cannot answer.
PHRACK: How come you cannot answer that question?
HESS: I cannot.
PHRACK: Yes, well, Many in the U.S. [hackers] don't like the Novel.
PHRACK: What do you think of it?
HESS: It is not true.
HESS: I don't know.
PHRACK: Who taught you the EMACS hole?
HESS: I cannot say.
PHRACK: Then you must have been working with someone, correct?
HESS: No, I cannot answer.
PHRACK: Is the police comming down on you hard?
HESS: police? I don't und...
PHRACK: Yeah, yeah.  The law? Are they being hard on you.
HESS: Yes.

HESS: I must go now.
PHRACK: Can we call you later?
HESS: Umm, I don't know. No.
PHRACK: Why not?
HESS: I cannot answer.
PHRACK: What about in a couple of months?
HESS: Yes, in a couple of months you can call.
PHRACK: Your not moving are you?
        (Knowing that Germans rarely ever move and their phone
         numbers never change this was a silly Q.)
HESS: No. I no move.
PHRACK: Okay, then we'll call you in a couple of months.
HESS: Okay. I must go.
PHRACK: Wait a second.
HESS: Yes?
PHRACK: Do you have anything to say to American Hackers?
HESS: No.
HESS: I have nothing to do with hackers.
PHRACK: Well, good luck.
HESS: Yes, you too.


   Unfortunately, our lack of German and Hess' weak English made
communication difficult.  He is a very paranoid person who was obviously
uncomfortable talking to us.
   Those of you that have read Stoll's book know that Hess was involved
with hacks on American Military Computers, and indirectly involved with
Computer Espionage and the KGB.  Phrack strongly discourages trying to
hack Military computers and particularly takes offense to computer
espionage.
   From the information we have gathered from him and by talking to him,
we feel that Markus Hess wasn't as smart as Clifford Stoll portrayed him to be.
We also feel that Markus was not working alone and that others were involved.
This however we cannot be 100% sure because of our communication faults.

_______________________________________________________________________________





Manifest
Le but de ce site est de mieux comprendre la sécurité informatique.
Un hacker par définition est une personne qui cherche à améliorer les systèmes d'information dans le seul et unique but de contribuer à la stabilité de ces systèmes!
La croyance populaire laisse entendre que les hackers sont des pirates.
C'est vrai. Mais il y a différents types de pirate.
Tout comme il y a différents types de personnes.
Les bavures courantes auxquelles on pense lorsqu'on évoque le terme de pirate informatique
seraient les hacks de compte msn, ordinateurs lâchement trojantés avec des exploits déjà tous faits
et encore peut-on classifier en tant que hack le fait de spammer
alors que depuis plus de 15 ans des scripts tous faits le font extrêmement bien?

Ce ne sont pas des hackers qui font ça!!!
Nous appelons ces gens des lammers! Quand ils sont mauvais,
ou des black hat lorsqu'ils sont doués dans la mise en application de leurs méfaits.
Aucun amour propre - Aucune dignité
Agissent par dégout, vengeance ou simple plaisir.
Les raisons peuvent être nombreuses et je ne prétends pas devoir juger qui que ce soit.
Je pense juste que l'on ne doit pas utiliser l'épée de fly pour commettre des injustices.
Il est 100 fois plus profitable d'améliorer un système que de marcher sur un château de sable... même si marcher sur un château de sable est rigolo :P
A vous de trouver votre amusement. ;)

Tu peux réagir sur la shootbox


Disclaimer Veuillez lire obligatoirement les règles ci-dessous avant de consulter ce site.
Conformément aux dispositions des différentes lois en vigueur, intrusions et maintenances frauduleuses sur un site, vol et / ou falsification de données.
Vous ne devez en aucun cas mettre en application les stratagèmes mis en place par ce site, qui sont présentés uniquement à titre d’éducation et de recherche dans le domaine de la protection de données.
Vous ne devez en aucun cas utiliser ce que vous aurez découvert, sauf si vous avez une autorisation écrite de l’administrateur d’un site ou que celui-ci vous ai ouvert un compte uniquement pour la recherche de failles.
Tout cela est interdit et illégal ne faites pas n'importe quoi.
Vous acceptez donc que l'administrateur de ce site n'est en aucun cas responsable d'aucun de vos actes. Sinon quittez ce site.
Vous êtes soumis à ce disclaimer.
ET À CE TITRE, NI LA COMMUNAUTÉ, NI L'ADMINISTRATEUR, NI L'HÉBERGEUR, NE POURRONT, NI NE SERONT RESPONSABLE DE VOS ACTES.