Hacking Platform

HackBBS.org is a community that develops and maintains a system of vulnerable services.

We learn collaboratively how to exploit solutions that make it possible to subvert information systems.
This learning lets us improve the technologies we use and/or better understand social engineering.

We stand for the values of mutual help and personal challenge, and contribute modestly to making the end-user experience as pleasant as possible.

You can meet us on our IRC channel.
The forum is being replaced by a more modern version that is just as fallible as the old one ^^.
To date we have recorded several dozen successful hacks against our site, and that figure keeps changing. Thanks to all the contributors!

The redesign is in alpha. This new platform lets you pentest remotely without having your own equipment at hand.
By running Python scripts connected over WebSocket to the web UI, we can drive the loading of
attack/defense scenarios in "multiplayer" mode ^^.
The system can load scripts from shared libraries and encrypt exchanges depending on the modules deployed.
In the articles section you will find many tutorials to help you better understand computer security,
as well as various more advanced articles.
Hacker
  • Sniffing
  • Cracking
  • Buffer overflow
  • Exploit creation
  • Social engineering
  • Anonymity on the web, spoofing
  • Bypass-proxy, Bypass-firewall
  • SSI, SQL, etc. code injection
  • Using exploits, writing scripts (PHP, IRC, Perl)
We recommend that you sniff your network while browsing the site. The redesign will provide you with tooling to carry out your attacks/defenses.

Challenges
You can also take part in many challenges that are constantly renewed (where possible :p)
Lately, the missions relating to the latest open source products have been doing well :)

Your ultimate challenge will be to deface HackBBS. Many vulnerabilities are present. It is up to you to find and exploit them.

This ultimate test will show how you react when faced with a vulnerability.
Black or White? ^^

Current e-zine: banm-2.dms.txt
    /=======\          //=\\         /-\      ||        /-\      /-\
   ||       |         //   \\       || \\     ||       // \\    // \\
   ||       |    _   //     \\   _  ||  \\    ||  _   //   \\  //   \\
   ||---------  |_| //=======\\ |_| ||   \\   || |_| //     \__/     \\
   ||         |    //         \\    ||    \\  ||    //                \\
   ||         |   //           \\   ||     \\ ||   //                  \\
    \========/   //             \\  ||      \\_/  //                    \\
  B  e  l  l    A  t  l  a  n  t  i  c    N  y  n  e  x    M  o  b  i  l  e 
                                    o  r   
B l u n d e r i n g   A s s h o l e s   w h o   d o n ' t   k N o w  M u c h                               
                                     /\
                                    /--\
                                   /----\
                                 /--------\
                               /------------\
                             /----------------\

                           /--------------------\
                         /------------------------\
                       /----------------------------\
                     /--------------------------------\
                   /------------------------------------\
                  |A Few Bell Atlantic Nynex Mobile Phone|
                  |---Services Explained & other stuff---| 
                   \-------------by mechanic------------/
                     \______________part 2____________/

_________                   
Contents:
^^^^^^^^^
1.) Forward
2.) BANM Tip of the day
3.) Talk Dial, what it is, and how to use it.
4.) Closing


section: 1
________
Forward:
^^^^^^^^
        Welcome to part II of the Bell Atlantic Nynex Mobile Phone Services 
Explained and other stuff files. In this file, I will explain the service BANM
offers called Talk Dial. Remember, these files are here for informational 
purposes, to bring information to the h/p scene, because lack of information
hurts us all. What should you expect from later parts of this series? Welp, I 
will explain a lot of the stuff about Talk Along, stuff from trashing, etc...


section: 2
____________________
BANM Tip of the day:
^^^^^^^^^^^^^^^^^^^^
        Welp, since this file is on the BANM services, I thought that it would
be fun to get a manual of some sort. I will write about the good stuff in the
manual at a later date, maybe part III of this series of files. Well anyways,
I was reading some literature about the Talk Along service. It's a discounted
price plan type of service for BANM. And it said that there was something 
called an "Answer Book" that came with the service. Including such topics as:
        
         Calling Information
         Roaming
         Billing
         Troubleshooting
         Service Information
         Cellular Long Distance
         Special Features and services

It says that this comes with the Talk Along EXPRESS Package. So what I thought
was, "Hey, this may be interesting, I want to get a copy of this." So, I 
resorted to my ol' social engineering tactics (explained in an earlier file
from DMS). So I called em up, and this is how it went:

BANM: Hello, Bell Atlantic Nynex Mobile, this is Mike, how may I help you?
me: well mike, I got the Talk Along service, and I lost my manual, err, 
    answer book.
mike: Well sir, that is no problem, we have plenty down here. Is it possible
      for you to come over here and pick it up?
me: mike, sure, that'd be great! thanks a lot mike, you have been a big help.
mike: no problem sir, our purpose is to help you out the best we can.
me: thank you, goodbye, and have a nice evening!
mike: you too. goodbye sir.

That was all it took, less than 2 minutes of conversation. So as you see, it
is definitely not hard to mooch info from these guys =] and that's it for the 
tip of the day.


section: 3
________________________________________
Talk Dial, what it is and how to use it:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
        In this file I will explain to you the service of Talk Dial offered by
our favorite cell phone service company, BANM. Talk Dial is a voice activated 
dialing service, so you can dial numbers and stuff, just by saying a name or
a phone number, and it will call it for you. This is a "hands free service",
but you still have to press [*] [SEND] to use the service, which makes it 98%
hands free, and not totally. What the basics of this service are is, just say
a pre-entered entry, such as "defcon", and it will dial the number. This is 
available on any cellular phone, no exceptions, you just have to be subscribed
to the Talk Dial service. You can have up to 20 (wow..) pre-programmed numbers
in your personal directory. Talk Dial is available for 2.99$ a month. And it
has a 30 day money back guarantee also. They will credit your account with 
BANM for the 2.99$. I personally think that this service is another pointless
addition, made to look cool, by the telco people, to make more $$, I dunno...
you take a look for yourself and think about that.
        I will attempt to explain how to access Talk Dial, how to set-up your 
personal directory on Talk Dial, and how to use this hands free dialing 
service.

        To begin using Talk Dial, press [*] [SEND]
        The first time you access the service, there will be a short
announcement including instructions explained in this article, on how to use
the service. After you have heard the announcements, they will give you the
opportunity to listen to them the second and third times you access the service. 
        The third time you access the service, you will be prompted by a voice
that says "Talk Dial", followed by a tone. I will refer to the tone in this 
file with :: as a symbol.
        There are 4 commands given after the ::, and they are:

     -DIAL BY NUMBER by saying a seven or ten digit number


     -DIAL BY NAME by saying a name stored in your personal directory

     -PROGRAM YOUR DIRECTORY by saying "DIRECTORY"

     -Listen to helpful instructions by saying "HELP"


=Dialing by number
------------------        
        Activate Talk Dial by pressing [*] [SEND]
        You can dial a number simply by saying it:

            THE SYSTEM SAYS:         YOU SAY:
            ----------------         --------
               Talk Dial ::         "8018553326" for example only
I'm Dialing "8018553326" ::

    *To stop the system from dialing, say "NO" immediately after the tone.
     And you will be returned to the Talk Dial :: prompt

=Programming your personal directory
------------------------------------

        The Talk Dial personal directory allows you to make and uphold a list 
of up to 20 numbers that you will probably dial most frequently. Once you have
set this up, you can simply dial a number by saying a name.

  The "ADD" function; lets you add a name and number to your directory. Two
syllable words or two-word names for each name/number entry works the best,
the system seems to respond to these better. (well? what were you expecting
from the telco? QUALITY service?! =) And try to avoid names that sound alike.
Because this may confuse the system. (But what if all your friends are named
mike?)
  
  The "DELETE" function; this allows you to delete a name from your personal
directory. You can just delete entries by name, or have Talk Dial list the 
names in your directory and you can follow the prompts from there.
  
  The "REVIEW" function; lets you review the names and numbers in your 
personal directory.

  Here's how to do it:


                          THE SYSTEM SAYS      YOU SAY         
                          ---------------      -------
                            Talk Dial ::      "Directory"
              Add, delete, or review? ::      "Add"
      Say the name or location to add ::      "DefCon"
                    Want to add "DefCon"?      "Yes"
          What's the number for "DefCon"?      "8018553326"
                "8018553326" Correct? ::      "Yes"

=Dialing by name
----------------
        Activate Talk Dial [*] [SEND]
        (once your personal directory is all set up, you can dial by name)

                          THE SYSTEM SAYS      YOU SAY
                          ---------------      -------
                            Talk Dial ::      "DefCon"
                 I'm calling "DefCon" ::

           *Remember, you can stop the system from dialing a number by 
            immediately saying "NO" after the tone, and it will bring you 
            back to the main menu.

=Helpful Hints for troubleshooting Talk Dial (taken directly from BANM)
-----------------------------------------------------------------------
- Always wait for a tone before speaking.

- Speak in a normal tone of voice but enunciate your words clearly.


- When storing a name in your directory use two-word combinations or two 
  syllable words for better recognition. Avoid names that sound similar to 
  each other or to one of the command words.

- The Talk Dial service will understand you better when using your handset
  rather than speakerphone. (so much for the hands free idea eh?)

- When using the service in "handsfree" mode, reduce background noise by 
  rolling up car windows and turning off the radio. (really? man you guys are
  friggin' geniuses over there.. heh)

- When programming names in your directory, avoid extremely quiet or noisy
  environments. (so are you saying i should just open my window a crack?)
  If you mostly use the handset, program names using the handset. If you 
  mostly use the "handsfree" mode, program using your "handsfree" microphone.

- Say each digit of a telephone number separately. Talk Dial cannot identify
  grouped numbers like "twenty-five" or "eight hundred."

- Talk Dial understands the word "zero" better than "oh" [0].

- You do not need to begin long distance numbers with "1" or "zero."

- Talk Dial 'only' recognizes seven and 10 digit numbers. 911, 611, [#] or
  [*] service numbers must be dialed using the keypad.


- You can return to the Talk Dial menu by pressing the [*] key while in 
  "directory" or "help" menus.

- If your phone is unable to access Talk Dial by pressing [*] [SEND], try
  [*] [V] [A] [D], (*823). The majority of cellular phones can access the
  service using the [*] [SEND] keys. For additional information, consult 
  your Cellular Phone Owners Manual.


section: 4
________
Closing:
^^^^^^^^
        Welp, that's it for part II of the BANM series. Expect to see more 
in this series soon. Other services, more tips of the day, even the results
from trashing at BANM. Thanks, and I hoped you found this informational.




Manifesto
The purpose of this site is to better understand computer security.
A hacker, by definition, is a person who seeks to improve information systems with the sole purpose of contributing to the stability of those systems!
Popular belief has it that hackers are pirates.
That is true. But there are different kinds of pirate.
Just as there are different kinds of people.
The usual misdeeds that come to mind when the term computer pirate is mentioned
would be hacked MSN accounts, computers cowardly trojaned with ready-made exploits,
and can spamming even be classed as a hack
when ready-made scripts have been doing it extremely well for more than 15 years?

Hackers are not the ones doing that!!!
We call these people lamers when they are bad,
or black hats when they are skilled at carrying out their misdeeds.
No self-respect - No dignity
They act out of disgust, revenge or simple pleasure.
The reasons can be many, and I do not claim to be in a position to judge anyone.
I just think that one must not use Fly's sword to commit injustices.
It is 100 times more rewarding to improve a system than to stomp on a sandcastle... even if stomping on a sandcastle is fun :P
It is up to you to find your own fun. ;)

You can react in the shoutbox


Disclaimer You must read the rules below before browsing this site.
In accordance with the provisions of the various laws in force on intrusion into and fraudulent continued access to a site, and on theft and/or falsification of data.
You must under no circumstances put into practice the techniques presented on this site, which are provided solely for education and research in the field of data protection.
You must under no circumstances use what you discover, unless you have written authorization from a site's administrator or the administrator has opened an account for you solely for vulnerability research.
All of this is forbidden and illegal; do not do anything reckless.
You therefore accept that the administrator of this site is in no way responsible for any of your actions. Otherwise, leave this site.
You are subject to this disclaimer.
AND ON THAT BASIS, NEITHER THE COMMUNITY, NOR THE ADMINISTRATOR, NOR THE HOSTING PROVIDER CAN OR WILL BE HELD RESPONSIBLE FOR YOUR ACTIONS.