Plateforme de Hacking

HackBBS.org est une communauté faisant évoluer un système de services vulnérables.

Nous apprenons à exploiter de manière collaborative des solutions permettant de détourner les systèmes d'informations.
Cet apprentissage nous permet d'améliorer les technologies que nous utilisons et/ou de mieux comprendre l'ingénierie social.

Nous défendons les valeurs de l'entraide, du challenge personnel et contribuons modestement à rendre l'expérience des utilisateurs finaux la plus agréable possible.

Vous pouvez nous rencontrer via notre salon irc.
Le forum est en cours de remplacement par une version plus moderne, et tout aussi faillible que l'ancien ^^.
A ce jours nous enregistrons plusieurs dizaines de hack réussi contre notre site, et ce chiffre est en constante évolution. Merci a tous les contributeurs!

La refonte est en version alpha. Cette nouvelle plateforme permet de pentester à distance sans avoir son matériel à disposition.
Via l'exécution de scripts python connecté en websocket à l'ihm web, nous pouvons piloter le chargement de scénario
d'attaque/défense en "multijoueur" ^^.
Le système permet de charger des scripts de bibliothèques partagées et de chiffrer les échanges selon les modules déployés.
Vous trouverez dans la rubrique article de nombreux tutoriels afin de mieux comprendre la sécurité informatique,
ainsi que différents articles plus poussés.
Hacker
  • Sniffing
  • Cracking
  • Buffer overflow
  • Créations d'exploits
  • Social engineering
  • L'anonymat sur le web, spoofing
  • Bypass-proxy, Bypass-firewall
  • Injection de code SSI, SQL, etc...
  • Utilisation d'exploits, création de scripts(php, irc, perl)
Nous vous recommandons de sniffer votre réseau lors de votre navigation sur le site. La refonte vous fournira un outillage pour réaliser vos attaques/défenses.
Flux RSS

flux RSS d'HackBBS Abonnez-vous. Soyez prévenu des tournois, challenges, actualités, ...
Recevez nos dernières actualités sur notre flux RSS.



Challenges
Vous pourrez également participer à de nombreux challenges en constant renouvellement (si possible :p)
Dernièrement, les missions relativent aux derniers produits open sources marchent bien :)

Votre ultime challenge sera de défacer HackBBS. De nombreuses failles sont présentes. A vous de les trouver et de les exploiter.

Cet ultime test permettra de constater votre réactions face à une faille.
Black ou White? ^^

Ezine du moment: sysf06.txt
r1zzo
,               ,xqQQ"'' `$$qx, ,xqQ$:    $$qx, ,xqQQ"'' `QQqx,              ,
;               $$$QQ:    $$QQ$qQQ$$$:    $$$QQqQQ$$$::   $$Q$QQQ  Q    Q    ;
;,              Q$$$$:    q$$Q$Q$$QQ:    qQQQQ$$$Q$:    q$QQQ             ,;
;;;;;;;;;;;;;;; $QQ ,,;;;,, $Q$QQQQ , ;;; , $QQQ, QQQ,;;;,$$$ , ;;;;;;;;;;;;;;
;'              ,,,,X     X,,,,",,,,Xx, ,xX,,,,"X,,,,:    ,,,,X               `;
'               XXX:    XXX           XXXX XXX:    XXX              `
      X     X XXXX::   X  sysfail  XX :    X
                XXx, ,x    no6     Xx, ,x

    [ssy s  temm     fa il llll  uru ur e      num b    e rr      six xx x]

Ŀ
                          System Failure: Issue #6                          

Here's the sixth issue, on time for once. Thanks to r1zzo for the opening
ascii. We've got a new domain (sysfail.org), as well as a new editorial
contact address (sysfail@linux.slackware.org, thanks to Kadafi), so go to our
site and check out all our new stuff. The page is very near close to being
completed, so like, um, phear, or something. We've also added a new member to
the group: Mr. SoniK (541). He's been a frequent contributor and a good friend
for a long time, and we think he'll add alot to the group. That being said,
on with the issue. Enjoy!
                                                        --Logic Box [11/30/97]
Ŀ
                           http://www.sysfail.org/                          
                        [sysfail@linux.slackware.org]                       

Ŀ
                                  CONTENTS                                  
 SysInfoTrade                                                   by Pinguino 
 Fake Mail: A Step-by-Step How-To Guide                        by Da Kender 
 Firewalling Your Linux Boxen, Part 1                          by Dr. Seuss 
 Surveillance: Big Brother?                                    by Mr. SoniK 
 Free Confs from Sprint                                          by Klenzir 
 Sprint Cracks Down on Immoral Calls                           by Mr. SoniK 
 AT&T 800's                                 by Jolly Spamhead and HomiGBoBo 
 A Short Note                                                  by Logic Box 


<-------+
        |  SysInfoTrade
        +----------------> pinguino@leper.org

--Mr. Sonik joins the System Failure crew as a writer.
--We have *2* new email addresses! The one that reaches the entire staff is
sysfail@linux.slackware.org and the other one is sysfail@yahoo.com
--Get in the groove with the funky ravers at Penguin Palace and Alienz Prod.
pnm://www.raver.org/muerte.ram Check out our very own MUERTE spinning live
*pnm is the real audio location file; you need the player to hear it.
--Another email address to scam with.. i mean use.. is available. Working
just like hotmail does comes YAHOO.. boomboomdaboom.. just go to
http://www.yahoo.com and get yahoomail.. all they want is a name, email
addy to reach ya at, and a birthdate. It's all automated.
--Found some more really cool sites.. one idea I always wanted to carry
out was to map out an entire ac and write down the cool trashing spots,
carding possibilities, payphone #s, and other areas of interest. I stumbled
across a site someone did that has a bunch of area codes and a list of payphones
and their # in it. Its far from complete; my ac only had 3 listings, but
if we all pay attention and keep track of our surroundings, and submit
the info, it would help all of us in the end. The url for the payphone site is
http://www.paranoia.com/~sorabji/resources/payphone
--"GENEVA (AP) -- Concerned at the growing use of the Internet for racist
propaganda, international experts are debating how -- and whether -- to
combat the spread of computerized hate messages." -associated press 11.13.97
    I ain't no racist nigga, bitch!!@
    Actually the government is on our side this time. The weeklong meeting
was sponsored by the UN and they listened to a buncha activists moan about
how the KKK and skinheads had webpages that could be read by innocent Swiss
citizens. How sad. The US said, "Fuck you, the internet (on our side anyways)
is gonna follow the rules of our constitution." And the other guys said,
"Don't you have any morals? It should be censored to follow the acceptable
universal code of behavior." It came down to the US not wanting their ISPs to
censor webpages and not wanting to put money into enforcing something that
has way too many loopholes.
--Two is better than one. Diamond is soon releasing a new upgradable product
called the Suprasonik II, which is a modem that takes 2 datalines. It'll be
under $200 and better than 3com's rival $800 product. You get 112k/sec on
these, but they're designed for home use or for small companies with few
internet users. The market targeted for these is the 25% of the US who already
have 2 phone lines.
--At 10:00am on Nov 10, the first ever internet court ruling was to occur..
yet it didn't happen. Not from hackers, but a power line in a manhole near
the designated ISP blew out the power, at 9:59am.
--The next SysFail issue is our Christmas one. Christmas is a special time
for me, and since I'm editing that issue, I'm asking all the writers out
there to send me their fictional h/p related stories and poetry, especially
those with a Christmas theme. Trashing in the snow, taking advantage of
power outtages, hacking santa.com, we want it =) send to pinguino@leper.org
--November 4, 1997, AOL won a court case against a pr0n spam company in Vegas
called Over the Air Equipment. Spammers suck.                                                          
--My old phone number ended in GUMP. I did that manually but theres two
sites that will create phoenic charts automatically: www.bitfire.com and
www.phonespell.org. Have fun!
--CuervoCon II will be held at the El Paso Marriott in El Paso, TX on January
2-4, 1998. Visit http://www.cuervocon.org/ for details.
--We still have System Failure and Thank You for Abusing AT&T stickers avail
in fine black vinyl. $1 each, e-mail pinguino@uix.com. New stickers coming
soon (as soon as I have access to a color printer somewhere).
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
                    Fake Mail: A Step-by-Step How-To Guide
                     by Da Kender (dlphreak@hotmail.com)
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Okay, so you want to send your friend some e-mail but you don't want him to
know YOUR e-mail addy, or maybe you're too lazy to get a hotmail account
(pretty pathetic, every phreak should have a hotmail account handy), or maybe
you want to send mail that can't be replied to, or sending mail AS someone, or
as "president@whitehouse.gov" so when you harrass someone (i.e. a hick) and
they reply to it, they're yellin at Bill himself. Whatever your reason for
wanting to send fake mail is, here is how.

- STEP ONE: LOAD A TELNET CLIENT
If you need help on this one, you shouldn't even be reading this.

- STEP TWO: PICK A MAIL SERVER TO TELNET TO
If you don't know of one (big surprise), you can easily guess one...

Mail servers only exist on ISPs that have e-mail addresses (i.e. isp.net).
They are mostly in this format:
mail.isp.net
mailhost.isp.net

They are usually accessed through port 25. When connected, it'll spit out
some garble. Now you punch in "HELO hacker.com" (It doesn't have to be
hacker.com, because for some reason some domains work and others don't, and
hacker.com has worked for me so far, plus once you enter, it has no more
relevance to what you will be doing).

Now you punch in who the mail is "from." Note this does not have to be a real
e-mail addy, it doesn't even have to be an e-mail addy at all, just must not
include spaces, but keep in mind that if you don't specify a domain, it adds
an "@mailhostdomain.extension." The format is "MAIL FROM: *where mail from*"

NOTE: THE ABOVE HAS ALMOST ZERO RELEVANCE TO WHAT WILL BE SENT, IT IS
OVERRIDEN WITH A COMMAND THAT COMES LATER.

Now you punch in the where to send the mail. The format is "RCPT TO: *where
mail to*"

Now you punch in "DATA"

Now you type in the data. The following are optional:
FROM: *NAME*
(NOTE: THIS IS MORE IMPORTANT THAN THE "MAIL FROM:" COMMAND USED EARLIER)

SUBJECT: *A SUBJECT*

DATE: *A DATE IN THE FOLLOWING FORMAT: 3 letters, a space, and a 2 digit no.*
(NOTE: THIS IS NOT NECCESARY, BUT IF YOU DO NOT PUT A DATE IN, IT WILL SEND IT
AS "??? ??"

Now type in the e-mail message, and to stop it, just put a line with just a
period and hit enter. Your mail has now been delivered.

Now punch in "QUIT"


EXAMPLE (TELNET ADDY:mail.isp.net PORT:25)
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
NOTE: This log has been modified for ease of reading, everything I type is
preceeded by a ">" and a space with notes added in.

220 ispnet-mail.isp.net ESMTP server (post.office v2.0 0813 ID# 0-11010)
ready Tue, 21 Oct 1997 19:30:13 -0700
> HELO hacker.com
250 ispnet-mail.isp.net
> MAIL FROM: roy@weet.gov
250 Sender  Ok
> RCPT TO: dlphreak@hotmail.com [<--My Hotmail addy]
250 Recipient  Ok
> DATA
354 Ok Send data ending with .
> FROM: Roy Gerbil
> DATE: Iba 69
> SUBJECT: About your current activities...
> Hello son,
> This is Roy Gerbil with WEET (Washington Electronic E-mail Team), and it has
come to my attention that you have recently been delving in illegal activities
of fraud. If you desist now I will e-mail you a cookie every three to five
weeks.
> Roy Gerbil,
> -WEET President
> .
250 Message received: 19971022023012961.AAA179@hacker.com
> QUIT
221 ispnet-mail.isp.net ESMTP server closing connection

This is my mail:

First, on the list of mail...

From		Date	Subject					Size
Roy Gerbil      Iba69  About your current activities...        1k

Now, let's read the mail:

From roy@weet.gov Tue Oct 21 19:37:34 1997
Received: from hacker.com (evd4.evermann.indiana.edu [149.159.144.234])
    by ispnet-mail.isp.net (post.office MTA v2.0 0813 ID# 0-11010)
    with SMTP id AAA179 for ;
    Tue, 21 Oct 1997 19:31:26 -0700
FROM: Roy Gerbil   
DATE: Iba 69
SUBJECT: About your current activities...




Hello son,
 This is Roy Gerbil with WEET (Washington Electronic E-mail Team), and it has
come to my attention that you have recently been delving in ilegal activities of
fraud. If you desist now I will email you a cookie every three to five weeks.
Roy Gerbil,
-WEET President

The address that comes up when I hit reply is roy@weet.gov.

Several Important Things
------------------------
* NOT TOTALLY untraceable, but it helps, and, it doesn't give away your
  actual e-mail address, also keep in mind that if you find a good mail
  server it won't send your IP addy with it, it'll just send the addy you
  punch in after "HELO."
* This is for, umm, educational purposes. ;)
* This is against the law, it's considered theft of services or something.
* I will not be charged for your stupidity.
* No Guinea Pigs were harmed during the production of this text.
* Weet!
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
         Firewalling Your Linux Boxen, Part 1: A Stand-Alone Firewall
                    by Dr. Seuss (drs@linux.slackware.org)
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This article is intended to be a starting point for those looking to implement
a packet filtering firewall on a Linux 2.0 system. It is the first in a three
part series, covering the following subjects:

Part 1: A Stand-Alone Firewall
Part 2: Using a Linux Box to Firewall Your LAN
Part 3: Firewalling in Relation to Masquerading

All examples in the article come from a Linux 2.0.32 machine with lo and ppp0
interfaces. These settings have been verified to work with kernels down to
2.0.27, and should be easily portable to other configurations.

In order to implement a packet filtering firewall in Linux, you must first
re-compile your kernel to include firewalling capabilites. The following
options must be set as listed below.

Note: these are simply the options needed for firewall support, make sure you
add any other options required for your particular system.

CONFIG_FIREWALL
CONFIG_IP_FIREWALL
CONFIG_IP_FIREWALL_VERBOSE
CONFIG_IP_ALWAYS_DEFRAG

After setting the appropriate options, recompile and boot the new kernel.

All Firewall options are set / read with a single program ipfwadm. The basic
syntax of ipfwadm is ipfwadm   . More information will
be provided on the usage of ipfwadm later in this article. Full ipfwadm
docmentation can be found by checking ipfwadm(8).

The most effective way to initialize your firewall is to create a
/etc/rc.d/rc.firewall and call that file from rc.local. The first thing you
want to do when initializing the firewall is to clear all entries in the
firewall table. This is done so you can add additional entries to rc.firewall,
re-run it, and have a clean firewall table. The first lines added to
rc.firewall should be:

#!/bin/bash
ipfwadm -A -f
ipfwadm -I -f
ipfwadm -O -f

Those lines clear the Accounting, Input, and Output firewall rules. ipfwadm
also accepts -M and -F as a TYPE option but these do not apply to a
Stand-Alone firewall. Each firewall type has one DEFAULT policy. This default
policy is the policy applied to each packet if it does not match any other
rules. The default policy is set with the following lines:

ipfwadm  -p 

where policy is one of accept, deny, or reject.

After clearing the Firewall rules, you will want to set your default policies
for input and output to accept. The is done by adding the following lines:

ipfwadm -I -p accept
ipfwadm -O -p accept

You have now created a Firewall that accepts everything. Now you can add rules
to deny packets you do not want entering your system. When adding rules, be
aware that the kernel processes each rule in the order added, so positioning
of rules is critical to optimum performance. The first thing you will want to
do is deny many ICMP messages. These include Destination Unreacbables,
Redirects, Echos, and Traceroutes. To do this we will add the following lines:

ipfwadm -I -a accept -P icmp -S 127.0/8 -D 0/0
ipfwadm -I -a deny   -P icmp -S 0/0  3 -D 0/0 
ipfwadm -I -a deny   -P icmp -S 0/0  5 -D 0/0
ipfwadm -I -a deny   -P icmp -S 0/0  8 -D 0/0 -o
ipfwadm -I -a deny   -P icmp -S 0/0 11 -D 0/0
ipfwadm -I -a deny   -P icmp -S 0/0 30 -D 0/0

You may notice that all the commands seem to follow the same format except for
the third command with includes a -o. The -o tells ipfwadm to log the action
via a kernal message. Knowing this, we can see that what we are doing with
these rules is on Input Denying ICMP Protocol Messages with the Source
anywhere, and the Destination anywhere, with types of 3,5,8,11, and 30, we are
also logging type 8, which is ICMP ECHO. The complete list of ICMP Message
types is available in RFC1700. Denying or Denying and logging addtional ICMP
types can be accomplished with additional rules, following the same syntax.

The next rule you would normally add is to drop all packets that say they are coming
from localhost from the outside interface. This is accomplished by allowing
packets from lo with addresses of 127.0.0.1 and deny from the the external
interface, in this case ppp0.

ipfwadm -I -a accept -P all -S 127.0/8 -D 127.0/8 -W lo
ipfwadm -I -a deny   -P all -S 127.0/8 -D 127.0/8 -W ppp0 -o

These commands introduce a new option into our vocabulary: -W. This option
makes this rule apply only to packets which come (for input) or are going (for
output) to the specified interface. Obvisouly we would want to accept all
localhost traffic from lo but localhost traffic should NEVER come from ppp0,
so we deny the packet and log the attempt.

This last rule is one I normally add since many people still try to "winnuke"
your machine. What this rule does is deny all traffic to TCP port 139, and
log it.

ipfwadm -I -a deny -P tcp -S 0/0 -D 0/0 139 -o

After compeleting all of this your rc.firewall should look something like
this:

#!/bin/bash
ipfwadm -A -f
ipfwadm -I -f
ipfwadm -O -f
ipfwadm -I -p accept
ipfwadm -O -p accept
ipfwadm -I -a accept -P icmp -S 127.0/8 -D 0/0
ipfwadm -I -a deny   -P icmp -S 0/0  3 -D 0/0
ipfwadm -I -a deny   -P icmp -S 0/0  5 -D 0/0
ipfwadm -I -a deny   -P icmp -S 0/0  8 -D 0/0 -o
ipfwadm -I -a deny   -P icmp -S 0/0 11 -D 0/0
ipfwadm -I -a deny   -P icmp -S 0/0 30 -D 0/0
ipfwadm -I -a accept -P all -S 127.0/8 -D 127.0/8 -W lo
ipfwadm -I -a deny   -P all -S 127.0/8 -D 127.0/8 -W ppp0 -o
ipfwadm -I -a deny -P tcp -S 0/0 -D 0/0 139 -o

Save rc.firewall, make it executable, then execute it. You are now ready to
test your firewall. The first thing you want to do after adding ANY Firewall
rules is to make sure that everything is working, connect to an FTP site,
browse a couple of web pages etc. Once you are sure everything is working you
can begin testing. The easiest way to do this is to telnet to a shell account
somewhere and do your testing from there. If that is an impossibilty for you,
call a friend and have him help you test it. There are 3 things you are going
to want to test: pinging, echos, and logging connections to port 139. In this
example I have named the remote machine remote.machine, and the local machine
firewalled.linux.boxen. firewalled.linux.boxen's IP will be 192.168.1.1, and
remote.machine's IP will be 10.0.0.1. To test these new rules you will first
ping your machine from a remote computer. The output should be as follows:

remote.machine:~# ping firewalled.Linux.boxen
PING firewalled.linux.boxen (192.168.1.1): 56 data bytes

--- firewalled.linux.boxen ping statistics ---
10 packets transmitted, 0 packets received, 100% packet loss
remote.machine:~#

As you can see the remote machine received no ping response from the
firewalled.linux.boxen. Checking the log files on firewalled.linux.boxen, you
should see the following message:

Nov 24 18:28:39 router kernel: IP fw-in deny ppp0 ICMP/8 10.0.0.1
192.168.1.1 L=84 S=0x00 I=47685 F=0x0000 T=62

This is the logging of the failed ping attempt.

Next you should try to do a traceroute to your machine. The output should be
as follows:
 
remote.machine:~# traceroute -n firewalled.Linux.boxen
traceroute to firewalled.linux.boxen (192.168.1.1), 30 hops max, 40 byte
packets
 1  205.215.225.49  5.419 ms  5.37 ms  5.444 ms
 2  205.215.224.7  5.587 ms  4.7 ms  6.877 ms
 3  207.201.63.6  7.008 ms  8.722 ms  7.67 ms
 4  157.130.192.249  7.791 ms  6.526 ms  7.308 ms
 5  137.39.13.134  9.135 ms  7.175 ms  9.707 ms
 6  137.39.196.22  9.796 ms  9.531 ms  8.585 ms
 7  137.39.13.114  10.783 ms  8.68 ms  8.882 ms
 8  198.32.136.32  192.978 ms  155.567 ms  53.908 ms
 9  207.20.7.5  20.107 ms  23.464 ms  21.367 ms
10  204.247.122.102  20.883 ms *  18.784 ms
11  208.135.52.5  21.857 ms  21.529 ms  23.425 ms
12  208.135.50.82  41.907 ms  29.576 ms  53.845 ms
13  199.4.94.96  41.416 ms *  93.011 ms
14  207.48.87.33  49.245 ms  56.387 ms  26.825 ms
15  207.48.88.249  29.165 ms  58.567 ms  76.408 ms
16  * * *
17  * * *

remote.macine:~#

This shows a traceroute to firewalled.linux.boxen which times out when it
reaches firewalled.linux.boxen.

The final test is to connect to port 139 of firewalled.linux.boxen and check
the log. The output should be as follows:

remote.machine:~# telnet firewalled.linux.boxen 139
Trying 192.168.1.1...

telnet> quit
Connection closed.
remote.machine:~#

The connection never occurs, so you are forced to abort the session. Checking
the log files on firewalled.linux.boxen, you should see the following message:

Nov 24 18:59:40 router kernel: IP fw-in deny ppp0 TCP 10.0.0.1:1832
192.168.1.1:139 L=44 S=0x10 I=47803 F=0x0000 T=62

These tests have proven that your firewall is functioning properly.

This is not by far a complete firewall but simply a starting point for you to
build on. Take some time to think about what you should deny, what you should
log, etc. Remember, the placement of rules greatly affects performance.
Following are a few examples of how to block and/or log certain services. Feel
free to use part or all of them in your rc.firewall.

These rules deny and log all syslog connections from any place other than
localhost:

ipfwadm -I -a accept -P udp -S 127.0/8 -D 0/0 514
ipfwadm -I -a deny   -P udp -S 0/0     -D 0/0 514 -o

This rule logs all SMTP connections:

ipfwadm -I -a accept -P tcp -S 0/0 -D 0/0 -o

This rule will stop RealAudio streams:

ipfwadm -I -a deny -P udp -S 0/0 -D 0/0 7070

This rule logs connections to the AOL port:

ipfwadm -I -a deny -P tcp -S 0/0 -D 0/0 5190 -o 


REFERENCES:
ipfwadm(8)
ipfw(4)
RFC 1700
Kadafi's original rc.firewall.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
                          Surveillance: Big Brother?
                       by Mr. SoniK (sonik@clipper.net)
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
        Have you ever been walking down the street just minding your own
business and you all of the sudden get the feeling that you're being watched?
Not necessarily being watched by other people, but rather by the electronic
eye. I get the feeling all the time that I'm being watched. Sometimes I get
really nervous and act very strange. Some of you may just call me paranoid,
but the people like me who understand the consequences and repercussions of
such actions are able to reason with me. I have noticed almost everywhere you
go there seems to be so called "security cameras." Places like the airport,
bus station, shopping malls, grocery stores, and even your friendly
neighborhood mini-mart or gas station have them. All over these cameras are
happily filming your every move and profile. Why are we being watched and by
who?

        These "security cameras" are designed to intimidate. With cameras
trained on your every footstep it becomes hard to relax. Are these cameras a
way to force society into conformity or are they a way to provide constant
security? The line between a watchful eye and a invasion of privacy is so fine
that it often becomes hard to tell. Some argue that cameras are there to make
it safer for the public.

        How many cameras have you seen that stop a robbery, mugging, rape, or
murder? Is a camera at a bus station supposed to prevent a woman from being
mugged? Maybe sometimes it will, but if you have seen the television show
Real TV, you may notice that the TV show is direct proof of cameras failing to
do anything but film the everyday lives of average people. I do agree that
cameras have lowered the rate of shoplifting in stores and increases the
conviction rate of crimes caught on tape but have they begun to intrude into
our lives? Who's to know when that happens.

	How would you feel if there were cameras in the stairways and
elevators of your apartment building? Would you feel safe, or insulted and
spied upon? I have noticed cameras on school buses at my school. I wondered if
that was supposed to keep the kids riding the bus under control. I can tell
you from first-hand experience that it doesn't do a thing. I don't know, but
maybe it's there to prove which kids are showing inappropriate behavior. Who
knows?

        Most people are satisfied with the explanation of "security measures"
for the cameras. Personally, it makes me think of the old saying "Big Brother
is watching you." Remember, it's better to be a shifty-eyed, paranoid weirdo
than in prison.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
                            Free Confs from Sprint
                       by Klenzir (klenzir@hotmail.com)
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
        We all love to hang out on a teleconfrence all night. But, there has
been a dilemma as to how to go about setting one up. When they first came
around, you had to have a stolen credit card and the willingness to go out to
a payphone and set one up. Then along came WorldVox (www.worldvox.com). That
was so much better than running five blocks at 2:00 in the morning to a
payphone, but you still needed a credit card. It was also a bit complicated,
especially after they caught on. Now there's a company that brings you illegal
confs absolutely free. Yes ladies and gentlemen, it's Sprint. Just point the
old browser towards www.sprintconf.com and put in your info, and you have a
confrence. The problem is, you can only use it once. They say that it will
disconnect after ten minutes, but there is a bug in the system, so it doesn't
(though these confs will occasionally die on you if no one is talking). What
you do is: put in your name, e-mail address, phone number, and the number of
the person you want to call first. There is also room for eight other people.

        One way that I've found to exploit this is to put in a fake name and 
e-mail address, and put in a random number for your number. Put your real 
number in as the first person you want to call. When your phone starts to
ring, pick it up and answer "Hi, this is Scott from your local telco. We've
noticed an excess amount of static in your lines lately, and we'd like to ask
you to leave your phone off the hook for the next two hours while we work on
it. I'm sorry for any inconvenience this might be." Hopefully, their reply
will be "OK!" and they'll put down the phone. If they give you a hard time,
you have two choices. The first is to say "Okay sir/ma'am, I'll try back at a
later time." The second way is to give them shit about it and tell them their
phone won't work until you work on it. After they put down the phone, start
dialing out. Make all the long distance calls you want, because after all,
it's phr33.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
                     Sprint Cracks Down on Immoral Calls
                       by Mr. SoniK (sonik@clipper.net)
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
        A few months ago, I was on a WorldVox confrence with a few friends,
and we were all bored off our asses. Having no life, I decided to call a
Sprint TDD operator and make them say fruity things on the confrence and
generally fuck with their heads. I first tried to call using the US-West TDD
service, and they seemed to catch on pretty fast that my call wasn't of a
serious nature and started threatening me, saying that my telephone number has
been logged and reported. We did get the operator to talk to us personally on
that call and some of the other conf nuts flirted with her. I had been using
my modem line to make these calls to US-West service. I figured I would be
safe since TDD calls were supposed to be free, even long distance ones (even
from TDD-equipped payphones).

        I was a little freaked out when I hung up with the operator service
and began to see RING reported by my modem in minicom. I ignored this for
about two minutes but it kept happening. Being the curious kid I am, I typed
ATA to answer the call. I had no carrier or a voice coming through the modem
speaker. I was kind of freaked out by this, so I decided to leave my computer
connected to the net all night in case the bastards tried to call back. The
next day, I left minicom running to detect rings while I was gone. My modem
line is unlisted and unpublished, dismissing the possibility of salesmen
calling, but there were about 60 RING messages reported by my modem during the
day. This continued for about two days after that conference.

        About a week and a half later, someone had set up another conference.
I was there of course, being a fone nut as usual. I decided to call another
TDD op into the conf for more fun. I was scared of US-West so I looked in the
phone book and called the Sprint customer service number and got the TDD
number from the op. I then placed a call to the TDD operator from my modem
line and asked that she call the long distance number for the conf (WorldVox
doesn't have leet 1-800 confs like AT&T, but they are easier to set up).
Anyway, I got the call placed by specifically asking for a collect call. The
op asked the one person on the conf that I told to answer the call to accept
the charges. They did, so I commenced my harrasing.

        I placed a call that night for about 15 minutes and one the next night
to another conf for about 4 minutes. Then, about two months later, enclosed
with my US-West phone bill, printed on US-West stationery, with the Sprint
logo, was a bill for the calls. The bill said nothing about the TDD use or
anything, but stated "Operator Assisted Call" and it charged me the full rate
for the calls. It costed me about 6 dollars for around + -20 minutes of
calling time. I called Sprint and was on hold for about ten minutes for a
somewhat knowledgeable enough person to answer my questions. I was told that
the TDD call was free, but the operator assistance was not. Either way, I was
pissed. Here are some of the ways to protect yourself from Toll charges such
as these.

1. Log all calls no matter how obscene/racist or otherwise. Operators can not
   disconnect calls for those reasons, and can be seriously punished for doing
   so.
2. Ask the operator if you will be charged in any way for the calls. Be sure
   you get their answer in your logs, as well as the op's ID# and name.
3. Feel free to call customer service for a supervisor if they give you any
   lip during the call. Let the operator know that you are reporting them.
4. Try to make the call somewhat realistic to start with so that they don't
   pull an OCI on you and "transfer" you.
5. Always complain until you get the telco to kiss your ass if you are
   charged. 95% of the time, the charges are completly dropped if say that you
   didn't make them.
6. Always have fun.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
                                  AT&T 800's
                   by Jolly Spamhead (jizz-monkey@usa.net)
        and HomiGBoBo (e-mail sysfail@linux.slackware.org to contact)
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
        Here are most of the important American Telephone and Telegraph 800
(toll free) numbers. Some of them only work from USA, so get a PBX that works
if you want to use them outside of the USA. If you are good enough with these
#'s, you can find out alot of stuff about AT&T, and you can also set up some
wicked cards or teleconferences. Have fun, and stay lame.

AT&T 800 #'S
==============
800-225-5288 AT&T Co (CALL ATT) (US) 
800-423-4343 AT&T Universal Card [Information] (Jacksonville FL) 
800-872-4637 AT&&T Product Training Services (Dublin OH) 
800-562-2255 AT&&T Toll-Free Directory Advertising (Parsippany NJ) 
800-833-3232 AT&T ACS Long Distance Bill Inquiries (US) 
800-233-1222 AT&T ACS Product Center (US) 
800-544-6363 AT&T Alliance Teleconference Service (US) 
800-332-5290 AT&T American Transtech (Jacksonville FL) 
800-998-3947 AT&T Authorized Stocking Distributor/Zack Electronics (US) 
800-998-3947 AT&T Authorized Stocking Distributor/Zack Electronics (US) 
800-227-5327 AT&T Automotive Services (Towson MD) 
800-338-5816 AT&T Automotive Services (Towson MD) 
800-544-5721 AT&T Business Translations (Naperville IL) 
800-235-4288 AT&T Capital Corporation (US) 
800-532-3381 AT&T Capital Corporation (US) 
800-532-3381 AT&T Capital Corporation (US) 
800-328-6628 AT&T Capital Leasing Services (Framingham MA) 
800-635-8866 AT&T Catalog (US) 
800-242-2121 AT&T Co (US) 
800-348-8288 AT&T Co [Shareowner-Infos] (US) 
800-342-6699 AT&T Distribution Technologies (Atlanta GA) 
800-325-0808 AT&T Employees Federal Credit Union (Bedminster NJ) 
800-823-7935 AT&T GBCS Southwest Florida Sales & Service (Port Charlotte FL) 
800-222-7747 AT&T Gift Certificates (Basking Ridge NJ) 
800-448-8600 AT&T Global Customer Services Center (Parsippany NJ) 
800-225-5627 AT&T Global Info Solutions (Dayton OH) 
800-346-2788 AT&T Language Line Services (Monterey CA) 
800-528-5888 AT&T Language Line Services (Monterey CA) 
800-443-8288 AT&T Long Distance Certificates (Bridgewater NJ) 
800-855-1155 AT&T [Modem] Long Distance Relay Service (US) 
800-855-2880 AT&T Long Distance Relay Service (US) 
800-855-2881 AT&T Long Distance Relay Service (US) 
800-855-2882 AT&T Long Distance Relay Service (US) 
800-855-2883 AT&T Long Distance Relay Service (US) 
800-325-8678 AT&T Network Systems (Phoenix AX) 
800-654-3724 AT&T Network Systems (US) 
800-538-7967 AT&T Northern Illinois Business Systems (Chicago IL) 
800-672-2752 AT&T OSCAR Lan (Greensboro NC) 
800-237-0016 AT&T Paradyne (US) 
800-482-3333 AT&T Paradyne (US) 
800-858-3718 AT&T Phone Centers (Parsippany NJ) 
800-233-1222 AT&T Products For Disabled People (US) 
800-782-7837 AT&T Resources For New Business (New York NY) 
800-451-2100 AT&T Sourcebook (Cincinnati OH) 
800-655-1390 AT&T Talking Package (Bridgewater NJ) 
800-655-1390 AT&T Talking Package (Bridgewater NJ) 
800-222-0300 AT&T Teleconference Service (US) 
800-222-0400 AT&T Teleconference Service (US) 
800-222-0900 AT&T Teleconference Service (US) 
800-222-3000 AT&T Teleconference Service (US) 
800-232-1234 AT&T Teleconference Service (US) 
800-235-0900 AT&T Teleconference Service (US) 
800-247-7000 AT&T Teleconference Service (US) 
800-348-8288 AT&T Teleconference Service (US) 
800-426-8686 AT&T Teleconference Service (US) 
800-562-2255 AT&T Teleconference Service (US) 
800-628-2888 AT&T Teleconference Service (US) 
800-662-7759 AT&T Teleconference Service (US) 
800-874-4000 AT&T Teleconference Service (US) 
800-426-8686 AT&T Toll-Free Directories (Parsippany NJ) 
800-878-3500 AT&T True Connections (Basking Ridge NJ) 
800-878-3872 AT&T True Rewards (Basking Ridge NJ) 
800-222-0300 AT&T (US) 
800-222-0400 AT&T (US) 
800-222-3000 AT&T (US) 
800-222-3111 AT&T (US) 
800-232-1234 AT&T (US) 
800-235-0900 AT&T (US) 
800-242-2121 AT&T (US) 
800-247-7000 AT&T (US) 
800-345-8288 AT&T (US) 
800-426-8686 AT&T (US) 
800-562-2255 AT&T (US) 
800-628-2888 AT&T [National Service Assistence Center] (US) 
800-662-7759 AT&T (US) 
800-822-2000 AT&T (US)

        I hope you enjoyed the file. Greets go out to RBCP, Colleen Card,
el_jefe, the writters of System Failure, RNS for releasing kick ass mp3's that
kept me alert when I wrote this, the makers of Jolt Cola, and of course, my
partner in crime, Desperado.

        No greets to Tyrone Ashford, Dingo Rogers, Ken Tarwood, Phrack, Web
TV, the asshole that invented ssping, and most of East Hartford High School.

               -Jolly Spamhead (http://www.erols.com/miller10/)
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
<-------+
        |  A Short Note...
        +----------------> logic@linux.slackware.org

A few days ago, we received the following letter via e-mail:

Dear Member of the editorial staff....
Im writing this letter as a somewhat shitty request.  I am relatively new to
the whole "scene" and i was wonderin if i could maybe become yours' humble
apprentice.  I think it would be pretty cool if ya let me have this
oppurtunity to learn from some the, i think, most knowledgable members of this
scene. Thank yallz for considerin my most humble application.... oh and by the
way  I only been around for bout 6 months.. Ive read all the mags and texts i
can find.. so i do have a lotta information stored in my soggy excuse for a
brain.. id like to get sme more updated and maybe even a little more
experience..
Thanks again.


        While we are happy to attract new members to the H/P scene, System
Failure is not open for any sort of "member applications." We do have
guidelines and criteria for accepting new members into the group, and asking
us to accept you as a member isn't one of them. If you are chosen to become a
part of System Failure, you will be asked into the group by another member.
This isn't the first request of this type that we've received, nor do we
expect it to be the last. I mean no disrespect to the author of this letter, I
am printing it merely to prove a point. We would be more than happy to answer
questions or point you toward information. If you want to talk to us, e-mail
us or find us on IRC. The members of System Failure use the following IRC
nicks, and can all be found on EFnet, in the channel #peng (we might try to
set up #sysfail too pretty soon). I (Logic Box) can also be found on DALnet
most of the time.

Logic Box: [Logic] or LogicBox
Darkcactus: Drkcactus
Kenshiro Cochrane: kcochran (he also sometimes uses chran)
Pinguino: pinguino
Mr. SoniK: Mr_Sonik
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
That's all for issue 6... Pinguino will be doing the Christmas issue, which
should be out toward the end of December (if not, we'll make it the spiffy
New Year's issue, I guess). Send your submissions to our new e-mail address at
sysfail@linux.slackware.org, or find us on IRC. I'll see ya again in issue #8!
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-E-O-F-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-




Manifest
Le but de ce site est de mieux comprendre la sécurité informatique.
Un hacker par définition est une personne qui cherche à améliorer les systèmes d'information dans le seul et unique but de contribuer à la stabilité de ces systèmes!
La croyance populaire laisse entendre que les hackers sont des pirates.
C'est vrai. Mais il y a différents types de pirate.
Tout comme il y a différents types de personnes.
Les bavures courantes auxquelles on pense lorsqu'on évoque le terme de pirate informatique
seraient les hacks de compte msn, ordinateurs lâchement trojantés avec des exploits déjà tous faits
et encore peut-on classifier en tant que hack le fait de spammer
alors que depuis plus de 15 ans des scripts tous faits le font extrêmement bien?

Ce ne sont pas des hackers qui font ça!!!
Nous appelons ces gens des lammers! Quand ils sont mauvais,
ou des black hat lorsqu'ils sont doués dans la mise en application de leurs méfaits.
Aucun amour propre - Aucune dignité
Agissent par dégout, vengeance ou simple plaisir.
Les raisons peuvent être nombreuses et je ne prétends pas devoir juger qui que ce soit.
Je pense juste que l'on ne doit pas utiliser l'épée de fly pour commettre des injustices.
Il est 100 fois plus profitable d'améliorer un système que de marcher sur un château de sable... même si marcher sur un château de sable est rigolo :P
A vous de trouver votre amusement. ;)

Tu peux réagir sur la shootbox


Disclaimer Veuillez lire obligatoirement les règles ci-dessous avant de consulter ce site.
Conformément aux dispositions des différentes lois en vigueur, intrusions et maintenances frauduleuses sur un site, vol et / ou falsification de données.
Vous ne devez en aucun cas mettre en application les stratagèmes mis en place par ce site, qui sont présentés uniquement à titre d’éducation et de recherche dans le domaine de la protection de données.
Vous ne devez en aucun cas utiliser ce que vous aurez découvert, sauf si vous avez une autorisation écrite de l’administrateur d’un site ou que celui-ci vous ai ouvert un compte uniquement pour la recherche de failles.
Tout cela est interdit et illégal ne faites pas n'importe quoi.
Vous acceptez donc que l'administrateur de ce site n'est en aucun cas responsable d'aucun de vos actes. Sinon quittez ce site.
Vous êtes soumis à ce disclaimer.
ET À CE TITRE, NI LA COMMUNAUTÉ, NI L'ADMINISTRATEUR, NI L'HÉBERGEUR, NE POURRONT, NI NE SERONT RESPONSABLE DE VOS ACTES.