Hacking Platform

HackBBS.org is a community that maintains and evolves a system of vulnerable services.

We learn collaboratively how to exploit solutions that make it possible to subvert information systems.
This learning lets us improve the technologies we use and/or better understand social engineering.

We stand for the values of mutual help and personal challenge, and contribute modestly to making the end-user experience as pleasant as possible.

You can meet us on our IRC channel.
The forum is being replaced by a more modern version that is just as fallible as the old one ^^.
To date we have recorded several dozen successful hacks against our site, and that number is constantly changing. Thanks to all the contributors!

The redesign is in alpha. This new platform makes it possible to pentest remotely without having your own hardware at hand.
By running Python scripts connected over WebSocket to the web UI, we can drive the loading of
attack/defense scenarios in "multiplayer" ^^.
The system can load scripts from shared libraries and encrypt exchanges depending on the modules deployed.
In the articles section you will find many tutorials to help you better understand computer security,
as well as various more advanced articles.
Hacker
  • Sniffing
  • Cracking
  • Buffer overflow
  • Exploit development
  • Social engineering
  • Anonymity on the web, spoofing
  • Bypass-proxy, Bypass-firewall
  • SSI, SQL, etc. code injection
  • Using exploits, writing scripts (php, irc, perl)
We recommend sniffing your network while you browse the site. The redesign will provide you with tooling to carry out your attacks/defenses.

Challenges
You can also take part in many challenges that are constantly renewed (where possible :p)
Lately, the missions related to the latest open-source products have been working well :)

Your ultimate challenge will be to deface HackBBS. Many vulnerabilities are present. It is up to you to find them and exploit them.

This final test will show how you react when faced with a vulnerability.
Black or White? ^^

Current ezine: p17-12.txt
                      #### PHRACK PRESENTS ISSUE 17 ####

                  ^*^*^*^ Phrack World News, Part 3 ^*^*^*^

                           **** File 12 of 12 ****


  +-------------------------------------------------------------------------+
  -[ PHRACK XVII ]-----------------------------------------------------------

                   "The Code Crackers are Cheating Ma Bell"
           Typed by the Sorceress from the San Francisco Chronicle
                            Edited by the $muggler

             The Far Side..........................(415)471-1138
             Underground Communications, Inc.......(415)770-0140

  +-------------------------------------------------------------------------+
In California prisons, inmates use "the code" to make free telephone calls
lining up everything from gun running jobs to visits from grandma.

In a college dormitory in Tennessee, students use the code to open up a
long-distance line on a pay phone for 12 straight hours of free calls.

In a phone booth somewhere in the Midwest, a mobster uses the code to make
untraceable calls that bring a shipment of narcotics from South America to the
United States.

The code is actually millions of different personal identification numbers
assigned by the nation's telephone companies.  Fraudulent use of those codes
is now a nationwide epidemic that is costing America's phone companies more
than $500 million each year.

In the end, most of that cost is passed on to consumers, in the form of higher
phone rates, analysts say.

The security codes range from multidigit access codes used by customers of the
many alternative long-distance companies to the "calling card" numbers
assigned by American Telephone & Telegraph and the 22 local phone companies,
such as Pacific Bell.

Most of the loss comes from the activities of computer hackers, said Rene
Dunn, speaking for U.S. Sprint, the third-largest long-distance company.

These technical experts - frequently bright, if socially reclusive, teenagers
- set up their computers to dial the local access telephone number of one of
the alternative long-distance firms, such as MCI and U.S. Sprint.  When the
phone answers, a legitimate customer would normally punch in a secret personal
code, usually five digits, that allows him to make his call.

Hackers, however, have devised computer programs that will keep firing
combinations of numbers until they hit the right combination, much like a
safecracker waiting for the telltale sound of pins and tumblers meshing.

Then the hacker - known in the industry as a "cracker" because he has cracked
the code - has full access to that customer's phone line.

The customer does not realize what has happened until a huge phone bill
arrives at the end of the month. By that time, his access number and personal
code have been tacked up on thousands of electronic bulletin boards throughout
the country, accessible to anyone with a computer, a telephone and a modem,
the device that allows the computer to communicate over telephone lines.

"This is definitely a major problem," said one telephone security expert, who
declined to be identified.  "I've seen one account with a $98,000 monthly
bill."

One Berkeley man has battled the telephone cheats since last fall, when his
MCI bill showed about $100 in long-distance calls he had not made.

Although MCI assured him that the problem would be taken care of, the man's
latest bill was 11 pages long and has $563.40 worth of long-distance calls.
Those calls include:

[]  A two-hour call to Hyattsville, Maryland, on January 22.  A woman who
    answered the Hyattsville phone said she had no idea who called her house.

[]  Repeated calls to a dormitory telephone at UCLA.  The student who answered
    the phone there said she did not know who spent 39 minutes talking to her,
    or her roommate, shortly after midnight on January 23.

[]  Calls to dormitory rooms at Washington State University in Pullman and to
    the University of Colorado in Boulder.  Men who answered the phones there
    professed ignorance of who had called them or of any stolen long-distance
    codes.

The Berkeley customer, who asked not to be identified, said he reached his
frustration limit and canceled his MCI account.

The phone companies are pursuing the hackers and other thieves with methods
that try to keep up with a technological monster that is linked by trillions
of miles of telephone lines.

The companies sometimes monitor customers' phone bills.  If a bill that
averages about $40 or $50 a month suddenly soars to several hundred dollars
with calls apparently placed from all over the country on the same day, the
phone company flags the bill and tries to track the source of the calls.

The FBI makes its own surveillance sweeps of electronic bulletin boards,
looking for stolen code numbers.  The phone companies occasionally call up
these boards and post messages, warning that arrest warrants will be coming
soon if the fraudulent practice does not stop.  Reputable bulletin boards post
their own warnings to telephone hackers, telling them to stay out.

Several criminal prosecutions are already in the works, said Jocelyne Calia,
the manager of toll fraud for U.S. Sprint.

If the detectives do not want to talk about their methods, the underground is
equally circumspect.  "If they (the companies) have effective (prevention)
methods, how come all this is still going on?" asked one computer expert, a
veteran hacker who says he went legitimate about 10 years ago.

The computer expert, who identified himself only as Dr. Strange, said he was
part of the original group of electronic wizards of the early 1970s who
devised the "blue boxes," complex instruments that emulate the tones of a
telephone and allowed these early hackers to break into the toll-free 800
system and call all over the world free of charge.

The new hackers bedeviling the phone companies are simply the result of the
"technology changing to one of computers, instead of blue boxes," Dr. Strange
said.  As the "phone company elevates the odds... the bigger a challenge it
becomes," he said.

A feeling of ambivalence toward the huge and largely anonymous phone companies
makes it easier for many people to rationalize their cheating.  A woman in a
Southwestern state who obtained an authorization code from her boyfriend said,
through an intermediary, that she never really thought of telephone fraud as a
"moral issue."  "I don't abuse it," the woman said of her newfound telephone
privilege.  "I don't use it for long periods of time - I never talk for more
than an hour at a time - and I don't give it out to friends."  Besides, she
said, the bills for calls she has been making all over the United States for
the past six weeks go to a "large corporation that I was dissatisfied with.
It's not as if an individual is getting the bills."

There is one place, however, where the phone companies may have the upper
hand in their constant war with the hackers and cheats.

In some prisons, said an MCI spokesman, "we've found we can use peer pressure.
Let's say we restrict access to the phones, or even take them out, and there
were a lot of prisoners who weren't abusing the phone system.  So the word
gets spread to those guys about which prisoner it was that caused the
telephones to get taken out.  Once you get the identification (of the
phone-abusing prisoner) out there, I don't think you have to worry much," the
spokesman said.  "There's a justice system in the prisons, too."





Manifesto
The purpose of this site is to better understand computer security.
A hacker, by definition, is a person who seeks to improve information systems with the sole aim of contributing to the stability of those systems!
Popular belief has it that hackers are pirates.
That is true. But there are different kinds of pirate.
Just as there are different kinds of people.
The common misdeeds that come to mind when the term "computer pirate" is mentioned
would be hacks of MSN accounts, computers cowardly trojaned with ready-made exploits,
and can spamming even be classed as a hack
when ready-made scripts have been doing it extremely well for more than 15 years?

Hackers are not the ones doing that!!!
We call these people lamers when they are bad at it,
or black hats when they are skilled at carrying out their misdeeds.
No self-respect - no dignity.
They act out of disgust, revenge or simple pleasure.
The reasons can be many, and I do not claim to have to judge anyone.
I just think that one should not use Fly's sword to commit injustices.
It is 100 times more rewarding to improve a system than to stomp on a sandcastle... even if stomping on a sandcastle is fun :P
It is up to you to find your own fun. ;)

You can react in the shoutbox


Disclaimer: You must read the rules below before consulting this site.
In accordance with the provisions of the various laws in force: fraudulent intrusion into and continued presence on a site, theft and/or falsification of data.
You must under no circumstances put into practice the stratagems set out by this site, which are presented solely for education and research in the field of data protection.
You must under no circumstances use what you have discovered, unless you have written authorization from a site's administrator or the administrator has opened an account for you solely for vulnerability research.
All of that is prohibited and illegal; do not do anything reckless.
You therefore accept that the administrator of this site is in no way responsible for any of your actions. Otherwise, leave this site.
You are subject to this disclaimer.
AND ON THAT BASIS, NEITHER THE COMMUNITY, NOR THE ADMINISTRATOR, NOR THE HOSTING PROVIDER CAN OR WILL BE HELD RESPONSIBLE FOR YOUR ACTIONS.