Hacking Platform

HackBBS.org is a community that develops a system of vulnerable services.

We learn collaboratively to exploit solutions that make it possible to subvert information systems.
This learning allows us to improve the technologies we use and/or to better understand social engineering.

We uphold the values of mutual aid and personal challenge, and contribute modestly to making the end-user experience as pleasant as possible.

You can meet us on our IRC channel.
The forum is being replaced by a more modern version, just as fallible as the old one ^^.
To date we have recorded several dozen successful hacks against our site, and this figure is constantly changing. Thanks to all contributors!

The redesign is in alpha. This new platform makes it possible to pentest remotely without having your own equipment at hand.
By running Python scripts connected over WebSocket to the web UI, we can drive the loading of attack/defense
scenarios in "multiplayer" ^^.
The system can load scripts from shared libraries and encrypt exchanges depending on the modules deployed.
In the articles section you will find many tutorials to help you better understand computer security,
as well as various more advanced articles.
Hacker
  • Sniffing
  • Cracking
  • Buffer overflow
  • Exploit creation
  • Social engineering
  • Anonymity on the web, spoofing
  • Bypass-proxy, Bypass-firewall
  • Code injection: SSI, SQL, etc.
  • Using exploits, writing scripts (PHP, IRC, Perl)
We recommend that you sniff your network while browsing the site. The redesign will provide you with tooling to carry out your attacks/defenses.

Challenges
You can also take part in numerous challenges that are constantly renewed (if possible :p)
Lately, the missions relating to the latest open source products have been going well :)

Your ultimate challenge will be to deface HackBBS. Many vulnerabilities are present. It is up to you to find and exploit them.

This ultimate test will show how you react when faced with a vulnerability.
Black or White? ^^

Current ezine: p21-07.txt
                                ==Phrack Inc.==

                      Volume Two, Issue 21, File 7 of 11

         ()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()
         ()                                                        ()
         ()                  Non-Published Numbers                 ()
         ()                  ~~~~~~~~~~~~~~~~~~~~~                 ()
         ()             An Observation Of Illinois Bell            ()
         ()                                                        ()
         ()                   by Patrick Townson                   ()
         ()                of The Portal System (TM)               ()
         ()                                                        ()
         ()             Special Thanks to Hatchet Molly            ()
         ()                                                        ()
         ()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()


All examples in this message pertain to Illinois Bell Telephone Company, which
covers the Chicago metropolitan area, and quite a bit of the rest of Illinois.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

There are three types of phone numbers which do not appear in the printed and
publicly available directory;

     (1)  Too new to list
     (2)  Non-listed
     (3)  Non-published

The third category of numbers not in the phone book or available from the
Directory Assistance Bureau are non-published numbers.  Non-published numbers
are NOT available at the directory Assistance level.  Inquiries about same
which are input into a DA (Directory Assistance) terminal simply come up with a
message that "at the customer's request, the number is not listed in our
records; the number is non-published."

Well, who does keep non-pub records then?  The Business Office has no handy way
to retrieve them, since they depend on an actual phone number when they pull up
a record to discuss an account.  Once a service order is processed, the number
and associated name are no longer available to the average worker in the
central office.

There was for several years a small group known as the "NonPub Number Bureau"
which at the time was located in Hinsdale, Illinois.  Needless to say, the
phone number to the NonPub Number Bureau was itself non-published, and was only
available to specified employees at Illinois Bell who were deemed to have a
"need to know clearance."  Now with all the records being highly computerized,
the keepers of the Non-Pub phone numbers are themselves scattered around from
one phone office to another.

When there is some specific need for an employee at the phone company to
acquire the non-published number of a subscriber, then certain security
precautions kick into place.  Only a tiny percentage of telephone company
employees are deemed to have a "need to know clearance" in the first place;
among these would be the GCO's (Group Chief Operators), certain management
people in the central offices, certain people in the Treasury/Accounting
office, and of course, security representatives both from Illinois Bell and the
various long distance carriers, such as AT&T, US Sprint, and MCI.

Let us have a hypothetical example for our correspondent; Your mother has taken
seriously ill, and is on her deathbed.  Your brother is unable to reach you to
notify you of this because you have a non-pub number.  When his request for the
number has been turned down by Directory Assistance, simply because they do not
have it, he asks to speak with a supervisor, and he explains the problem.  He
provides his own name and telephone number, and the supervisor states he will
be called back at a later time.  The supervisor does not question if in fact an
emergency exists, which is the only valid reason for breaking security.  The
supervisor may, if they are doing their job correctly, ask the inquirer point
blank, "Are you stating there is an emergency situation?"

Please bear in mind that the law in Illinois and in many other states says that
a person who claims that an emergency exists in order to influence the use (or
discontinuance of use) of the telephone when in fact there is no emergency is
guilty of a misdemeanor crime.  You say yes this is an emergency and I need to
contact my brother/sister/etc right away.  The supervisor will then talk to
his/her supervisor, who is generally of the rank of Chief Operator for that
particular facility.

The Chief Operator will call the NonPub people, will identify herself, and
*leave her own call back number*.  The NonPub people will call back to verify
the origin of the call, and only then will there be information given out
regards your brother's telephone number.  It helps if you know the *exact* way
the name appears in the records, and the *exact* address; if there is more than
one of that name with non-pub service, they may tell you they are unable to
figure out who it is you want.

The NonPub person will then call the subscriber with the non-published number
and explain to them what has occurred, "So and so has contacted one of our
operators and asked for assistance in reaching you.  The party states that it
is a family emergency which requires your immediate attention.  Would it be
alright if we give him/her your number, or would you prefer to call them back
yourself?"

Based on the answer given, the number is either relayed back to the Chief
Operator, or a message is relayed back saying the non-pub customer has been
notified.  If the customer says it is okay to pass his number, then the Chief
Operator will call you back, ask who YOU are, rather than saying WHO she wants,
and satisfied with your identification will give you the number you are seeking
or will advise you that your brother has been given the message by someone from
our office, and has said he will contact you.

Before the NonPub people will even talk to you, your 'call back number' has to
be on their list of approved numbers for that purpose.  A clerk in the Business
office cannot imitate a Chief Operator for example, simply because NonPub would
say that the number you are asking us to call back to is not on our list.
"Tell your supervisor what it is you are seeking and have them call us..."
Other emergency type requests for non-pub numbers would be a big fire at some
business place in the middle of the night, and the owners of the company must
be notified at their home; or a child is found wandering by the police and the
child is too young to know his parent's (non-pub) number.

They will also handle non-emergency requests, but only if they are of some
importance and not frivolous in nature.  You have just come to our city to
visit and are seeking a long lost friend who has a non-pub number; you are
compiling the invitations to your high school class fiftieth re-union and find
a class member is non-pub.  Within certain reasonable limits, they will pass
along your request to the desired party and let them make the choice of whether
to return the call or not.  But always, you leave your phone number with them,
and in due time someone will call you back to report what has been said or
done.

You would be surprised -- or maybe you wouldn't -- at the numerous scams and
stories people tell the phone company to get the non-pub numbers of someone
else.  Fortunately, Bell takes a great deal of pride in their efforts to
protect the privacy of their subscribers.

-PT
_______________________________________________________________________________




Manifesto
The purpose of this site is to better understand computer security.
A hacker, by definition, is a person who seeks to improve information systems with the sole aim of contributing to the stability of those systems!
Popular belief has it that hackers are pirates.
That is true. But there are different kinds of pirate.
Just as there are different kinds of people.
The common abuses that come to mind when the term computer pirate is mentioned
would be hacks of MSN accounts, computers cowardly trojaned with ready-made exploits,
and can one even classify spamming as a hack
when ready-made scripts have been doing it extremely well for more than 15 years?

These are not hackers doing that!!!
We call these people lamers when they are bad,
or black hats when they are skilled at carrying out their misdeeds.
No self-respect - No dignity
They act out of disgust, revenge or simple pleasure.
The reasons can be many, and I do not claim to have to judge anyone.
I just think that one must not use Fly's sword to commit injustices.
It is 100 times more rewarding to improve a system than to stomp on a sandcastle... even if stomping on a sandcastle is fun :P
It is up to you to find your fun. ;)

You can react on the shoutbox


Disclaimer: You must read the rules below before browsing this site.
In accordance with the provisions of the various laws in force: fraudulent intrusion into and fraudulent continued access to a site, theft and/or falsification of data.
You must under no circumstances put into practice the stratagems set out on this site, which are presented solely for education and research in the field of data protection.
You must under no circumstances use what you discover, unless you have written authorization from a site's administrator or the administrator has opened an account for you solely for vulnerability research.
All of this is prohibited and illegal; do not do anything foolish.
You therefore accept that the administrator of this site is in no way responsible for any of your actions. Otherwise, leave this site.
You are subject to this disclaimer.
AND AS SUCH, NEITHER THE COMMUNITY, NOR THE ADMINISTRATOR, NOR THE HOST CAN OR WILL BE HELD RESPONSIBLE FOR YOUR ACTIONS.