


Hacking Platform

HackBBS.org is a community that maintains and evolves a system of vulnerable services.
We learn, collaboratively, to exploit solutions that make it possible to subvert information systems.
This learning in turn lets us improve technology, human relations and interests.
We stand for mutual help and challenge, and contribute
modestly to making the end-user experience
as pleasant as possible.

The IRC channel is fairly active. The forum is due to be replaced by a more modern version.
It therefore joins, in its turn, the list of available targets.

The redesign is in alpha. This new platform lets you pentest remotely without having your own hardware at hand.
Through Python scripts connected over WebSocket to the web UI, we can drive the loading of
"multiplayer" attack/defense scenarios ^^.
The system can load scripts from shared libraries and encrypt exchanges depending on the modules deployed.
In the articles section you will find many tutorials to help you better understand computer security,
as well as various more advanced articles.
Hacker
  • Sniffing
  • Cracking
  • Buffer overflow
  • Exploit creation
  • Social engineering
  • Anonymity on the web, spoofing
  • Bypass-proxy, Bypass-firewall
  • SSI, SQL, etc. code injection
  • Using exploits, writing scripts (php, irc, perl)
  • Online courses
We recommend that you sniff your network while browsing the site. The redesign will provide tooling for carrying out your attacks/defenses.


Latest updates
VPN deployed in TUN mode to support Android mobile devices.
Official announcement of the existence of the hackBBS FTP.
New article publishing system put in place. Contributors can now publish content easily.
New vulnerable service implemented on the dedicated server (service source available in /usr/local/src/).
2 new accounts created on the dedicated server.
New articles on neural networks published.
First Battle-bot tournament on irc.hackint.eu.
RSS feed put into production.
Launch of the battle-bot project. This project is the organization and development of a bot tournament on #hackbbs-battle. For more information, see the tournaments section in the left-hand menu.
turtle search tool put into production. This tool searches our database for the links, documents and programs that have been useful to the community.
RSS tool set up. Nebojsa is named "news manager". This responsibility covers site news and the updates made to the RSS feed.
Anti-scan ban system updated. Nothing is finished, and scanning is allowed! It is just one more challenge, and the ban is only temporary.
Toolbox pages updated, thanks to the-death for his contribution.

Challenges
You can also take part in many challenges that are constantly renewed (where possible :p)
Lately, the missions related to the latest open source products have been doing well :)

Your ultimate challenge will be to deface HackBBS. Many vulnerabilities are present. It is up to you to find and exploit them.

This ultimate test will show how you react when faced with a vulnerability.
Black or White? ^^

Current ezine: cdc308.txt

                                    _
                                   | \
                                   |  \
                                   | | \
                            __     | |\ \             __
      _____________       _/_/     | | \ \          _/_/     _____________
     |  ___________     _/_/       | |  \ \       _/_/       ___________  |
     | |              _/_/_____    | |   > >    _/_/_____               | |
     | |             /________/    | |  / /    /________/               | |
     | |                           | | / /                              | |
     | |                           | |/ /                               | |
     | |                           | | /                                | |
     | |                           |  /                                 | |
     | |                           |_/                                  | |
     | |                                                                | |
     | |      c   o   m   m   u   n   i   c   a   t   i   o   n   s     | |
     | |________________________________________________________________| |
     |____________________________________________________________________|

  ...presents...           The Gnu-Warez Kidz' Guide
                          to Pirating on the Internet
                                                         by Tarkin Darklighter
                                                         01/01/1996-#308

             __///////\ -cDc- CULT OF THE DEAD COW -cDc- /\\\\\\\__
               \\\\\\\/  Everything You Need Since 1986  \///////
  ___    _   _    ___     _   _    ___       _   _      ___    _   _      ___
 |___heal_the_sick___raise_the_dead___cleanse_the_lepers___cast_out_demons___|

     In the early '80s, fans of the Apple II fell in love with ASCII Express
(AE).  A seemingly simple terminal program, it contained an important feature -
a host mode.  Most people overlooked it, but not the underground file traders.
A person could call your computer and, with a simple password, have access to
all your files.  The potential of AE was soon unlocked, and some of the
earliest and simplest pirate file trading boards were created.

     After a short period of time, the sysops of AE's were tired of users'
tendency to simply download and not contribute any software (leeching).  Thus,
the AE:TAC (Total Access Control) was born.  This allowed user registration and
maintenance of upload/download ratios.  After another short period of time, the
AE file transfer system was integrated with the popular GBBS bulletin board
software, which gave board sysops the same file transfer flexibility of AE.

     Fifteen years later, the same progression is emerging again.  This time,
however, the medium is the Internet.  Pirate sites are slowly changing from
anonymous FTP sites, to IP-specific FSP sites, to telnetable BBSs.

     Anyone with local dialup access can easily obtain the latest commercial
software for their own perusal.  This is by no means supposed to be a complete
guide to obtaining pirate software over the Internet, but it is a good starting
place.

  _/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/

WHAT DO I NEED?

     A computer (heh).
     A connection to the Internet.
     A terminal program capable of displaying control characters.
     A UNIX shell account and a basic knowledge of UNIX.  You must have a
          UNIX shell account to use these methods.  Most graphical interfaces
          simply don't give you the control you need.
     A site with software you want.

  _/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/

HOW TO OBTAIN SITES

     There are many ways you can obtain sites.  I'll outline some of the best
methods below:

     Archie: For those of you who don't know, Archie is a utility that will
search systems on the Internet for filenames that you specify.  This can be
used to find sites.  Unfortunately, by the time the Archie servers are updated
with filenames that are typically on sites, the sites are dead.  Still, you can
gain by the use of this utility.  Common filenames to search for are listed
below:

 .apps     .appz
 .games    .gamez
 .util     .talk
 .tlk      .mac
 .pc       .ibm
 .amiga    .console
 .warez    .sitez

     Once you have found a site that has one of these filenames (or variations
thereof), FTP over to it and see if it still exists.  You can often find old
wares still on the site.  More importantly, you can find the email addresses
of people who trade site lists.

     Site list: The usual rule is that you must have something to get
something.  In other words, you usually must trade one or two good sites to get
a current list of active sites.  Alternatively, you can beg the keeper of a
list to give you a current copy (see above for obtaining email addresses).
Another good technique is to start your own list.  This is actually quite easy
to do.  Find a site and post a message asking people to send you sites in
return for a list.  Compile all the responses you receive into a list and mail
it out to all the respondents.  Also, it's a really good idea to use an
anonymous mail server (i.e., info@anon.penet.fi  <-- send email to
this address for instructions).  A typical site list looks like this (IP
addresses have been changed):

FTP          DIRECTORY                                     SCORE    SPEED
~~~          ~~~~~~~~~~                                    ~~~~~~   ~~~~~~
198.80.x.x   /incoming/"^[[K^[[A^[[K"/".GnuWarez"/         [4/10]   [5/10]
199.222.x.x  /incoming/cursci/"^[[K^[[A^[[K^I "/"P8^H^H"/  [6/10]   [8/10]
etc...

Legend:
FTP  - The IP address to use
DIRECTORY - The directory where the warez are located (more detailed
            instructions are contained later in this file)
SCORE - Rating in terms of the quality and quantity of the warez
SPEED - A rating of the file transfer speed of the site

     IRC: Just like real life, it's all about who you know.  Once you're in the
loop and are actively trading sites, you may be invited to participate in live
IRC chats.  Or you can look for channels such as #warez and #pcwarez if you're
good at begging.

  _/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/

COMMON FORMATS OF SITES

     FTP: I'm assuming you know at least a little about FTP, so I'm certainly
not going to write a manual on it.  However, I will reveal how to maneuver
through seemingly impassable directories.  There are only three rules you
need to know:

1. The ls switches are essential.  It's extremely important that you are able
to see a directory name.  The best way to see the entire name is to use the
command 'ls -aFl' (without the quotes).  This will display all files in a
directory.  Read the online ftp help for a complete description of ls switches.

2. How to use quotation marks?  Quotation marks are invaluable tools when
navigating in FTP.  If you encounter a filename or directory with a space in
it, you must use quotes or the client will become confused.  For example,
suppose you came across the following directory:

drwxr-xr-x   9 ftp  killer   512 Aug 16 21:51 StickyBear ABC

     If you wanted to change to this directory, you must type 'cd "StickyBear
ABC"', else it will not work.  It's also necessary with some control characters
(see next section).  It's really much easier just to put the quotation mark at
the beginning of each cd command.  Incidentally, only the first quotation mark
is necessary.

3. Control characters and the magic Control-V are important.  Control
characters are a common method to keep out the casual browser.  They are
embedded in directory names, and will cause your screen to clear or do any
number of confusing things.  To get around this, you MUST have a terminal
program that allows you to turn on the display of control characters.  You can
then type the directory name (complete with control characters) and get to the
desired files.  For example, let's say you come across a directory called
"WarezORama^H^H^H^H^H".  If you didn't have your "Show Control Characters"
option checked, you would just see a directory named "Warez".  Hardly useful.
 But, if you can see the full directory name, you simply have to type 'cd
"WarezORama^H^H^H^H^H"'.

     If you encounter any control characters that suspend your FTP job or
disconnect you, all you have to do is use the character ^V.  For example, let's
say a directory is called '.^Z^I^P^P^O'.  If you were to type 'cd
".^Z^I^P^P^O"', your FTP session would immediately be suspended after hitting
Control-Z.  You can circumvent this by immediately preceding all problematic
control characters with a Control-V.  To get into the '.^Z^I^P^P^O' directory,
you would simply type 'cd ".^V^Z^I^P^P^V^O"'.  Generally, you will only have to
precede Control-D, Control-O, Control-R, and Control-Z with Control-V.  Your
FTP client may vary.

     For practice, let's use one of our earlier examples:

198.80.x.x   /incoming/"^[[K^[[A^[[K"/".GnuWarez "/         [4/10]   [5/10]

     To use this site, you would type:

ftp 198.80.x.x  (an actual site would have numbers in place of the x's).
cd /incoming/"^[[K^[[A^[[K"/".GnuWarez"/
ls -aFl

     A list of files and directories should follow.
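
From the server operator's side, directory names like these can be found by auditing a writable upload area with byte-level names and printing them in caret notation. The following is an added example, not part of the original ezine; the function names and finding labels are assumptions made for illustration, and the sample names are constructed from the examples quoted above.

```python
import os
import re

# CSI escape sequence: ESC [ parameters final-byte (ESC[K erases the line, ESC[A moves up).
CSI = re.compile(rb"\x1b\[[0-9;?]*[@-~]")

# Constructed sample names, taken from the directory examples quoted in the text.
SAMPLE_NAMES = [
    b"StickyBear ABC",
    b"\x1b[K\x1b[A\x1b[K",
    b"\x1b[K\x1b[A\x1b[K\t ",
    b"P8\x08\x08",
    b"WarezORama" + b"\x08" * 5,
    b".GnuWarez",
]


def caret(name: bytes) -> str:
    """Render a raw name in caret notation so the terminal interprets nothing."""
    out = []
    for b in name:
        if b < 0x20:
            out.append("^" + chr(b + 0x40))  # 0x08 -> ^H, 0x1b -> ^[
        elif b == 0x7F:
            out.append("^?")
        elif b < 0x7F:
            out.append(chr(b))
        else:
            out.append("\\x%02x" % b)
    return "".join(out)


def findings(name: bytes) -> list:
    """Return the reasons a name would be misrendered or hidden by a plain listing."""
    reasons = []
    if CSI.search(name):
        reasons.append("ansi-escape")
    if any(b < 0x20 or b == 0x7F for b in CSI.sub(b"", name)):
        reasons.append("control-char")
    if name != name.strip(b" \t"):
        reasons.append("edge-whitespace")
    if name.startswith(b"."):
        reasons.append("dot-hidden")
    return reasons


def audit_tree(root: bytes) -> list:
    """Walk an upload area using bytes paths; report (caret path, reasons) pairs."""
    report = []
    for parent, dirs, files in os.walk(root):
        for entry in dirs + files:
            why = findings(entry)
            if why:
                rel = os.path.relpath(os.path.join(parent, entry), root)
                report.append((caret(rel), why))
    return sorted(report)


if __name__ == "__main__":
    for raw in SAMPLE_NAMES:
        print("%-28s %s" % (caret(raw), ", ".join(findings(raw)) or "ok"))
```

Passing the root as bytes keeps `os.walk` from decoding the names, so every entry is reported exactly as stored on disk.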

     FSP: FSP is simply another utility (similar to FTP) for transferring
files.  The commands are very much the same as for FTP.  Read the online manual
for specific instructions.  FSP gives a sysop tighter control over a site since
he can limit connections to specific IP addresses.  This means that you have to
register (usually involves sending some k00l warez) before you can use the
private section of the site.  You also must have a dedicated IP address, since
it will do you no good to register an IP address you may not have every time
you log on to your provider.

     Telnet: Telnet is yet another Internet utility that allows you to connect
to a remote computer system.  This is becoming very popular, since it allows
BBS's to have connections on the Internet.  It looks just like you are calling
over telco lines, except you have extremely fast transfer rates.  This allows a
sysop the same level of control as a typical BBS (upload/download ratio,
message boards, and user validation).

  _/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/

DIRECTORY STRUCTURE ON SITES

     The following example is a typical directory you will see on a pirate
site:

-rw-r--r--   1 ftp  killer    30 Aug  5 19:38 ** Another gNuWarez site.
-rw-r--r--   1 ftp  killer    30 Aug  5 19:39 ** Site Op - sOOpurChUnK
drwxr-xr-x  19 ftp  killer  1024 Aug 23 22:49 .appz
drwxr-xr-x   2 ftp  killer   512 Aug 16 21:53 .cracks...etc
drwxr-xr-x  11 ftp  killer   512 Aug 18 19:19 .gamez
drwxr-xr-x   4 ftp  killer   512 Aug 13 17:42 .irc
drwxr-xr-x   9 ftp  killer   512 Aug 16 21:51 .oldappz
drwxr-xr-x  52 ftp  killer  2560 Aug 23 10:07 .oldgamez
drwxr-xr-x   7 ftp  killer  1024 Aug 23 06:15 .oldreq
drwxr-xr-x  22 ftp  killer  1024 Aug 23 15:43 .req
drwxr-xr-x   2 ftp  killer   512 Aug 23 05:11 .talk
drwxr-xr-x   7 ftp  killer  1024 Aug 22 06:44 .users
-rw-r--r--   1 ftp  killer     0 Aug 16 13:55 bout 30 megs free now

     The subdirectories are used as follows:
.appz - put all applications in here
.cracks - contains patches to defeat copy protection
.gamez - put all games in here
.irc - usually contains IRC hacks, such as bots, etc.
.oldxxx - contains old software upped by request
.talk - any miscellaneous comments
.req - requests for files
.users - put your alias in here to show that you've visited the site

  _/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/

RULES ON SITES

     I know this is a pointless section, since most of you will totally
disregard it.  Still, I feel an obligation to pass on a few rules of etiquette:

1.  Don't be a deleter.  There are those out there who get a perverse thrill
out of deleting files just for the hell of it.  Don't do this.

2.  Don't be an artist.  Don't go around making directories or filenames in
k-k00l ANSI colors just because you can.  And don't use control characters to
screw up directory listings.  After all, how many times can 500 CTRL-G's be
entertaining?

3.  Follow the upload rules.  I think somebody already wrote a file on this,
but I'll go ahead and paraphrase:

     Put files in the right directory.  If it's a Win 95 app, put it in the
Win 95 Apps directory.

     Use QUOTE APPE.  Do not use MKDIR to make comments or requests!  This
makes you look like a complete idiot!  Read the online manual for proper
syntax.

     After uploading, make a zero-length file saying something similar to:
"MK VIII done.  Upped by Bill Gates."  This will let everyone know that the
upload is complete.

  _/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/

WHERE ARE WE GOING FROM HERE?

     Since history already seems to be repeating itself, I will make the
following prediction based on what happened to the Apple II underground:
anonymous pirate sites will soon disappear (or at least they will greatly
diminish).  Advancing technology soon eliminated AE's, and it will do the same
thing for underground FTP sites.  As the cost of ISDN and other direct
connections diminish, more and more BBS's will be directly connected to the
Internet.  This will allow people to use Telnet to connect to them.

     What sysop will bother to constantly upload software to an anonymous site
only to have it immediately deleted?  It's much easier to control access on a
user-by-user basis.  In this manner, he can enforce download ratios, have
message boards, etc.

  _/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/

A FINAL WORD

     I'm not responsible for how you use this information.  If you're stupid
enough to pirate software and get caught, it's your own fault.  Also, I don't
trade sites or files.  I've got little enough time as it is!

     Any comments are more than welcome.  I can be reached on DRU.

     "Yes I eat cow, I am not proud." 
          -Nirvana, "Mr. Mustache"
     .-.                             _   _                             .-.
    /   \           .-.             ((___))             .-.           /   \
   /     \         /   \       .-.  [ x x ]  .-.       /   \         /     \
 -/-------\-------/-----\-----/---\--\   /--/---\-----/-----\-------/-------\-
 /         \     /       \   /     `-(' ')-'     \   /       \     /         \
  WORLDWIDE \   /         `-'         (U)         `-'         \   / WORLDWIDE
             `-'                     .ooM                      `-'     _
      Oooo                                                            / )   __
 /)(\ (   \           Copyright (c)1996 cDc communications.          /  (  /  \
 \__/  )  / All rights reserved.  Award-winning CULT OF THE DEAD COW \   ) \)(/
       (_/     is published by cDc communications, P.O. Box 53011,    oooO  _
  oooO         Lubbock, TX, 79453, US of A.  Edited by Swamp Ratte'.  __   ( \
 /   ) /)(\                                                          /  \  )  \
 \  (  \__/        Save yourself!  Go outside!  Do something!        \)(/ (   /
  \_)                      "THE COW WALKS AMONGST US"                     Oooo


Manifesto
The aim of this site is to better understand computer security.
A hacker, by definition, is a person who seeks to improve information systems with the sole purpose of contributing to the stability of those systems!
Popular belief has it that hackers are pirates.
That is true. But there are different kinds of pirate.
Just as there are different kinds of people.
The usual misdeeds that come to mind when the term computer pirate is mentioned
would be hacks of MSN accounts, computers cowardly trojaned with ready-made exploits,
and can spamming even be classed as a hack
when ready-made scripts have been doing it extremely well for more than 15 years?

It is not hackers who do that!!!
We call these people lamers when they are bad,
or black hats when they are skilled at carrying out their misdeeds.
No self-respect - No dignity
They act out of disgust, revenge or simple pleasure.
The reasons can be many and I do not claim to have to judge anyone.
I just think that one must not use Fly's sword to commit injustices.
It is 100 times more rewarding to improve a system than to trample a sandcastle... even if trampling a sandcastle is fun :P
It is up to you to find your own fun. ;)

You can react on the shoutbox


Disclaimer: You must read the rules below before browsing this site.
In accordance with the provisions of the various laws in force: fraudulent intrusion into and remaining on a site, theft and/or falsification of data.
Under no circumstances may you put into practice the stratagems presented on this site, which are presented solely for education and research in the field of data protection.
Under no circumstances may you use what you have discovered, unless you have written authorization from a site's administrator or the administrator has opened an account for you solely for vulnerability research.
All of this is forbidden and illegal; do not do anything reckless.
You therefore accept that the administrator of this site is in no way responsible for any of your actions. Otherwise, leave this site.
You are subject to this disclaimer.
AND AS SUCH, NEITHER THE COMMUNITY, NOR THE ADMINISTRATOR, NOR THE HOSTING PROVIDER CAN BE OR WILL BE HELD RESPONSIBLE FOR YOUR ACTIONS.