Hacking Platform

HackBBS.org is a community that maintains and evolves a system of vulnerable services.

We learn collaboratively how to exploit techniques that subvert information systems.
This learning lets us improve the technologies we use and/or better understand social engineering.

We stand for mutual help and personal challenge, and contribute modestly to making the end-user experience as pleasant as possible.

You can meet us on our IRC channel.
The forum is being replaced by a more modern version, just as fallible as the old one ^^.
To date we have recorded several dozen successful hacks against our site, and that number keeps changing. Thanks to all the contributors!

The redesign is in alpha. This new platform makes it possible to pentest remotely without having your own hardware at hand.
By running Python scripts connected over WebSocket to the web UI, we can drive the loading of
attack/defense scenarios in "multiplayer" ^^.
The system can load scripts from shared libraries and encrypt exchanges depending on the modules deployed.
In the articles section you will find many tutorials to help you better understand computer security,
as well as various more advanced articles.
Hacker
  • Sniffing
  • Cracking
  • Buffer overflow
  • Exploit development
  • Social engineering
  • Anonymity on the web, spoofing
  • Proxy bypass, firewall bypass
  • Code injection: SSI, SQL, etc.
  • Using exploits, writing scripts (PHP, IRC, Perl)
We recommend that you sniff your network while browsing the site. The redesign will provide tooling for carrying out your attacks/defenses.



Challenges
You can also take part in many challenges that are constantly renewed (if possible :p)
Lately, the missions related to the latest open-source products have been popular :)

Your ultimate challenge will be to deface HackBBS. Many vulnerabilities are present. It is up to you to find and exploit them.

This ultimate test will show how you react when faced with a vulnerability.
Black or White? ^^

Current ezine: p46-19.txt
                              ==Phrack Magazine==



                 Volume Five, Issue Forty-Six, File 19 of 28



****************************************************************************



                      DefCon II: Las Vegas



                  Cyber-Christ meets Lady Luck



                        July 22-24, 1994



                        by Winn Schwartau

              		   (C) 1994

         



Las  Vegas connotes radically different images to radically

different  folks.   The Rat Pack of Sinatra, Dean Martin  and  Sammy

Davis  Jr.  elicits up the glistening self-indulgent  imagery  of  

Vegas'   neon  organized  crime in the  '50's   (Ocean's  Eleven 

displayed only minor hacking skills.)



Then  there's the daily bus loads of elderly nickel  slot

gamblers from Los Angeles and Palm Springs who have nothing  better

to  do  for twenty out of twenty four hours each  day.   (Their 

dead  husbands were golf hacks.)   Midwesterners  now  throng to 

the Mississippi River for cheap gambling.



Recreational vehicles of semi-trailer length from East  Bullock,

Montana  and  Euclid, Oklahoma and Benign, Ohio clog  routes  80 

and 40 and 10 to descend with a vengeance upon an asphalt  home 

away  from home in the parking lot of Circus Circus.  By

cultural demand, every Rv'er worth his salt must, at least once in

his life,  indulge in the depravity of Glitter Gulch.  



And  so they come, compelled by the invisibly insidious  derelict 

attraction  of a desert Mecca whose only purpose in life  is  to 

suck  the  available  cash from  addicted  visitor's  electronic 

purses of ATM and VISA cards. (Hacker?  Nah . . .)



Vegas  also has the distinction of being home to the largest  of 

the largest conventions and exhibitions in the world.   Comdex 

is the world's largest computer convention where 150,000  techno-

dweebs  and  silk  suited glib  techno-marketers  display  their 

wares  to a public who is still paying off  the 20% per  annum 

debt  on last year's greatest new electronic gismo which  is 

now rendered thoroughly obsolete.  And the Vegas Consumer

Electronic  Show does for consumer electronics what the First

Amendment does for pornography.  (Hackers, are we getting close?)



In between, hundreds upon hundreds of small conferences and 

conventions  and sales meetings and annual excuses  for  excess 

all  select Las Vegas as the ultimate host city.  Whatever  you 

want, no matter how decadent, blasphemous, illegal or immoral, at 

any  hour, is yours for the asking, if you have cash or a  clean 

piece of plastic.  



So, it comes as no surprise, that sooner or later, (and it turns 

out to be sooner) that the hackers of the world, the computer 

hackers, phone phreaks, cyber-spooks, Information Warriors, data 

bankers, Cyber-punks, Cypher-punks, eavesdroppers, chippers, 

virus  writers  and  perhaps the occasional  Cyber  Christ  again 

picked Las Vegas as the 1994 site for DefCon II. 



You see, hackers are like everyone else (sort of) and so they, 

too, decided that their community was also entitled to hold 

conferences and conventions.



DefCon  (as opposed to Xmas's HoHoCon), is the  premier  mid-year 

hacker extravaganza.  Indulgence gone wild, Vegas notwithstanding 

if  previous Cons are any example; but now put a  few  hundred 

techno-anarchists  together in sin city USA, stir  in  liberal 

doses  of  illicit controlled pharmaceutical substances, and  we 

have a party that Hunter Thompson would be proud to attend.



All  the while, as this anarchistic renegade regiment marches  to 

the tune of a 24 hour city, they are under complete  surveillance 

of  the authorities.  Authorities like the FBI, the Secret

Service,  telephone security . . . maybe even Interpol.  And how  did

the  "man"  arrive in tow behind the techno-slovens  that  belong 

behind bars?



They were invited.



And so was I.  Invited to speak. (Loose translation for standing 

up  in front of hundreds of hackers and being verbally  skewered 

for having an opinion not in 100% accordance with their own.)   



"C'mon,  it'll be fun," I was assured by DefCon's organizer,  the 

Dark Tangent.



"Sure  fired way to become mutilated monkey meat,"  I  responded.  

Some  hackers just can't take a joke, especially after  a  prison 

sentence and no opposite-sex sex.



"No really, they want to talk to you . . ."



"I bet."



It's  not that I dislike hackers - on the contrary.  I have  even 

let a few into my home to play with my kids.  It's just that,  so 

many  of the antics that hackers have precipitated at  other Cons 

have  earned them a reputation of disdain by all, save those  who 

remember  their own non-technical adolescent shenanigans.  And  I 

guess I'm no different.  I've heard the tales of depraved

indifference,  hotel  hold-ups, government raids on folks  with  names

similar to those who are wanted for pushing the wrong key on  the 

keyboard and getting caught for it.  I wanted to see teens and X-

generation types with their eyes so star sapphire glazed over that 

I could trade them for chips at the craps table.   



Does  the truth live up to the fiction?  God, I hope so. It'd  be 

downright  awful and unAmerican if 500 crazed hackers didn't  get 

into at least some serious trouble.  



So I go to Vegas because, because, well, it's gonna be fun.  And, 

if I'm lucky, I might even see an alien spaceship.  



For you see, the party has already begun.





I  go to about 30 conventions and conferences a year, but  rarely 

if ever am I so Tylenol and Afrin dosed that I decide to go with

a severe head cold.  Symptomatic relief notwithstanding I  debated

and  debated, and since my entire family was down with  the  same 

ailment  I figured Vegas was as good a place to be as at home  in 

bed.   If  I could survive the four and half  hour  plane  flight 

without  my  Eustachian tubes rocketing through my ear  drums  and

causing  irreparable damage, I had it made.



The  flight was made tolerable because I scuba dive.   Every  few

minutes I drowned out the drone of the engines by honking

uncontrollably  like  Felix  Unger without his  aspirator.   To  the

chagrin of my outspoken counter surveillance expert and traveling 

mate,  Mike  Peros and the rest of the first  class  cabin,   the 

captain reluctantly allowed me to remain on the flight and not be

expelled sans parachute somewhere over Southfork, Texas.   Snort, 

snort.  Due to extensive flirting with the two ladies across  the 

aisle, we made the two thousand mile trek in something less  than 

34  minutes . . . or so it seemed.  Time flies took on new

meaning.



For  those who don't know, the Sahara Hotel is the dregs  of  the 

Strip.   We were not destined for Caesar's or the MGM or  any  of 

the  new multi-gazillion dollar hotel cum casinos  which  produce 

pedestrian  stopping  extravaganzas as an inducement to  suck  in 

little old ladies to pour endless rolls of Washington quarters in 

mechanical  bottomless pits. The Sahara was built some 200  years 

ago  by native slave labor whose idea of plumbing is  clean  sand 

and  decorators  more concerned with a mention in Mud  Hut  Daily 

than Architectural Digest.  It was just as depressingly dingy and 

solicitly low class as it was when I was forced to spend eleven  days

there (also with a killer case of the flu) for an extended Comdex 

computer show.  But, hey, for a hacker show, it was top flight.  



"What hackers?" The desk clerk said when I asked about the show.



I explained.  Computer hackers: the best from all over the

country.  "I hear even Cyber Christ himself might appear."



Her  quizzical  look emphasized her pause.  Better  to  ignore  a 

question   not understood than to look stupid.  "Oh,  they'll  be 

fine,  We have excellent security."  The security people, I found 

out  shortly thereafter knew even less: "What's a  hacker?"   Too 

much  desert sun takes its toll.  Proof positive photons are  bad 

for neurons.  



Since it was still only 9PM Mike and I sucked down a couple of $1 

Heinekens in the casino and fought it out with Lineman's

Switching  Union representatives who were also having their  convention

at the Sahara.  Good taste in hotels goes a long way.



"$70,000  a  year to turn a light from red to  green?"   we

complained.



"It's a tension filled job . . .and the overtime is murder."



"Why a union?"



"To protect our rights."



"What rights?"



"To make sure we don't get replaced by a computer . . ."



"Yeah,"   I  agreed.   "That  would  be  sad.   No  more   Amtrak 

disasters."  The crowd got ugly so we made a hasty retreat  under 

the scrutiny of casino security to our rooms. Saved.



Perhaps  if  I  noticed or had read the  original  propaganda  on 

DefCon, I might have known that nothing significant was going  to 

take  place  until the following (Friday) evening  I  might  have 

missed all the fun.



For  at around 8AM, my congestion filled cavities  and  throbbing 

head was awakened by the sound of an exploding toilet.  It's kind 

of  hard  to  explain what this sounds like.   Imagine  a  toilet 

flushing  through  a  three megawatt sound system  at  a  Rolling 

Stones concert. Add to that the sound of a hundred thousand   flu 

victims standing in an echo chamber cleansing their sinuses into a

mountain  of  Kleenex while three dozen  football  referees  blow 

their foul whistles in unison, and you still won't come close  to 

the  sheer cacophonous volume that my Saharan toilet exuded  from 

within its bowels.  And all for my benefit.  



The  hotel  manager  thought I was kidding.  "What  do  you  mean 

exploded?"



"Which word do you not understand?" I growled in my early morning 

sub-sonic voice.  "If you don't care, I don't."  



My  bed was floating.  Three or maybe 12 inches of water  created 

the damnedest little tidal wave I'd ever seen, and the sight  and 

sound  of  Lake Mead in room 1487 only exacerbated the  pressing

need to relieve myself.  I dried my feet on the extra bed linens, 

worried  about electrocution and fell back asleep. It could  have 

been  3  minutes or three hours later - I have no way to  know  -  

but  my hypnagogic state was rudely interrupted by  hotel

maintenance pounding at the door with three fully operational  muffler-

less jack hammers.



"I  can't  open  it," I bellowed over the continual  roar  of  my 

personal  Vesuvius Waterfall.  "Just c'mon in."   The  fourteenth 

floor hallway had to resemble an underwater coral display because

the door opened ever so slowly.



"Holy Christ!"  



Choking  back  what would have been a painful laugh,  I  somehow 

eked out the words, with  a smirk, "Now you know what an

exploding  toilet  is like."



For,  I  swear, the next two hours three men  whose  English  was 

worse  than a dead Armadillo attempted to suck up the Nile  River 

from my room and the hallway.  Until that very moment in time,  I 

didn't  know  that  hotels were outfitted  with  vacuum  cleaners 

specifically designed to vacuum water.  Perhaps this is a regular 

event.





Everyone  who has ever suffered through one bitches  about  Vegas 

buffets,  and  even the hackers steered away  from  the  Sahara's  

$1.95  "all you can eat" room: "The Sahara's buffet is the  worst 

in  town;  worse than Circus Circus."  But since I  had  left  my 

taste  buds  at 37,000 feet along with shrapneled pieces  of  my

inner ear, I sought out sustenance only to keep me alive  another 

24 hours.



By mid afternoon, I had convinced myself that outside was not the 

place  to be. After only eighteen minutes of  120  sidewalk  egg-

cooking  degrees, the hot desert winds took what was left  of  my 

breath  away  and with no functioning airways as it was,  I  knew 

this  was  a big mistake.  So, hacker convention, ready  or  not, 

here I come.



Now,  you  have to keep in mind that Las Vegas  floor  plans  are 

designed  with  a singular purpose in mind. No matter  where  you 

need to go, from Point A to Point B or Point C or D or  anywhere, 

the traffic control regulations mandated by the local police  and 

banks require that you walk by a minimum of 4,350 slot  machines, 

187  gaming  tables of various persuasions and no  less  than  17 

bars.  Have they no remorse?  Madison Avenue ad execs take heed! 



So, lest I spend the next 40 years of my life in circular pursuit 

of  a  sign-less hacker convention losing every last  farthing  I 

inherited from dead Englishmen, I asked for the well hidden

location at the hotel lobby.



"What  hackers?"  There goes that nasty photon  triggered  neuron 

depletion again.



"The computer hackers."



"What computer hackers.  We don't have no stinking hackers . . ."  

Desk clerk humor, my oxymoron for the week.

 

I tried the name: DefCon II.



"Are  we going to war?"  one ex-military Uzi-wielding guard  said 

recognizing the etymology of the term.



"Yesh, it's true"  I used my most convincing tone. "The

Khasakstanis  are coming with nuclear tipped lances riding hundred  foot

tall  horses.   Paris has already fallen.  Berlin  is  in  ruins.  

Aren't you on the list to defend this great land?"



"Sure as shit am!"   He scampered off to the nearest phone in  an 

effort  to  be the first on the front lines.   Neuron  deficiency 

beyond surgical repair.



I  slithered down umpteen hallways and casino aisles lost in  the 

jungle of jingling  change.   Where the  hell  are  the  hackers?

"They must be there," another neuron-impoverished Saharan

employee said as he pointed towards a set of escalators at the very far

end of the casino.  



All the way at the end of the almost 1/4 mile trek through  Sodom 

and Gonorrhea an 'up' escalator promised to take me to hackerdom.  

Saved  at last.  Upstairs.  A conference looking area.  No  signs 

anywhere,  save  one of those little black  Velcro-like  stick-em 

signs where you can press on white block letters.



	               No Mo Feds



I must be getting close. Aha, a maintenance person; I'll ask him.  

"What hackers?  What's DefCon."



Back  downstairs,  through the casino, to the  front  desk,  back 

through  the casino, up the same escalator again. Room One I  was 

told.   Room  One  was empty.  Figures.  But, at the  end  of   a 

hallway,  past the men's room and the phones, and  around  behind 

Room One I saw what I was looking for: a couple of dozen

T-shirted,  Seattle grunged out kids (read: under 30) sitting at

uncovered  six foot folding tables hawking their DefCon  II  clothing,

sucking  on Heinekens and amusing themselves with  widely  strewn 

backpacks and computers and cell phones.



I had arrived!



			* * * *



You  know,  regular old suit and tie conferences  could  learn  a 

thing or two from Jeff Moss, the man behind DefCon II.  No  fancy 

badge making equipment; no $75 per hour union labor built

registration  desks; no big signs proclaiming the wealth of  knowledge

to  be gained by signing up early.  Just a couple of kids with  a 

sheet of paper and a laptop.  



It turned out I was expected.  They handed me my badge and what a 

badge it was.  I'm color blind, but this badge put any

psychedelically induced spectral display to shame.  In fact it was a close

match  to the Sahara's mid 60's tasteless casino carpeting  which 

is so chosen as to hide the most disgusting regurgative blessing.  

But better and classier.



The neat thing was, you could (in fact had to) fill out your  own 

badge  once  your name was crossed off the piece  of  paper  that 

represented the attendee list.  



Name:

Subject of Interest:

E-Mail:



Fill  it  out  any way you want.  Real name,  fake  name,  alias, 

handle  - it really doesn't matter cause the  hacker  underground 

ethic  encourages anonymity.  "We'd rather not know who  you  are 

anyway, unless you're a Fed.  Are you a Fed?"



A  couple of lucky hackers wore the ultimate badge of honor.   An 

"I  Spotted A Fed" T-shirt.  This elite group sat or lay  on  the 

ground watching and scouring the registration area for signs that 

someone,  anyone, was a Fed.  They really didn't care or  not  if 

you  were a Fed - they wanted the free T-shirt and the  peer

respect that it brought.



I'm over 30 (OK, over 35) and more than a few times (OK, a little 

over 40) I had to vehemently deny being a Fed.  Finally Jeff Moss 

came to the rescue.



"He's not a Fed.  He's a security guy and a writer."



"Ugh!  That's worse.  Can I get a T-shirt cause he's  a  writer?"  

No way hacker-breath.



Jeff.   Jeff Moss. Not what I expected.  I went to school with  a 

thousand Jeff Mosses.  While I had hair down to my waist, wearing 

paisley leather fringe jackets and striped bell bottoms so wide I 

appeared to be standing on two inverted ice cream cones, the Jeff 

Mosses  of  the world kept  their parents  proud.   Short,  short 

cropped  hair,  accented by an ashen pall and  clothes  I  still

wouldn't  wear  today.  They could get away with  anything  cause 

they  didn't look the part of radical chic.  Jeff, I really  like 

Jeff: he doesn't look like what he represents.  Bruce  Edelstein, 

(now of HP fame) used to work for me.  He was hipper than hip but 

looked squarer than square.  Now today that doesn't mean as  much 

as  it used to, but we ex-30-somethings have a hard time

forgetting  what rebellion was about. (I was suspended 17 times in  the

first semester of 10th grade for wearing jeans.)



Jeff  would  fit into a Corporate Board Meeting if  he  wore  the 

right suit and uttered the right eloquencies:  Yes, that's it:  A 

young  Tom Hanks.  Right.  I used to hate Tom Hanks (Splash,  how 

fucking stupid except for the TV-picture tube splitting  squeals) 

but  I've come to respect the hell out of him as an actor.   Jeff 

never  had to pass through that first phase.  I  instantly  liked 

him and certainly respect his ability to pull off a full  fledged 

conference for only $5000.  



You  read  right. Five grand and off to Vegas with  300  of  your 

closest personal friends, Feds in tow, for a weekend of

electronic  debauchery.   "A few hundred for the brochure, a few  hundred

here, a ton in phone bills, yeah, about $5000 if no one does  any

damage."   Big time security shows cost $200,000 and up.   I  can 

honestly  say  without meaning anything pejorative at any  of  my 

friends and business acquaintances, that I do not learn 40  times

as  much  at the 'real' shows.  Something is definitely out of  

whack  here.  Suits want to see suits.  Suits want to see  fancy.  

Suits want to see form, substance be damned.  Suits should take a 

lesson from my friend Jeff.



			* * * * *



I again suffered through a tasteless Saharan buffet dinner  which

cost me a whopping $7.95.  I hate grits - buttered sand is what I 

call  them  - but in this case might well have  been  preferable.  

Somehow  I  coerced a few hackers to join me in  the  ritualistic 

slaughter of our taste buds and torture of our intestines.   They 

were  not pleased with my choice of dining, but then who gives  a 

shit?  I couldn't taste anything anyway.  Tough. 



To keep our minds off of the food we talked about something much 

more pleasant: the recent round of attacks on Pentagon  computers 

and  networks.  "Are the same people involved as in the  sniffing 

attacks earlier this year?" I asked my triad of dinner mates. 



"Indubitably."



"And what's the reaction from the underground - other hackers?"



Coughs, sniffs.  Derisive visual feedback. Sneers. The finger.



"We can't stand 'em.  They're making it bad for everybody."   Two 

fingers.



By and large the DefCon II hackers are what I call 'good hackers' 

who hack, and maybe crack some systems upon occasion, but  aren't 

what  I refer to as Information Warriors in the bad sense of  the 

word.   This group claimed to extol the same position as most  of 

the  underground  would:   the Pentagon sniffing  crackers  -  or 

whoever  who  is assaulting thousands of computers on the  net  - 

must be stopped. 



"Scum bags, that what they are."  I asked that they not sugarcoat 

their feelings on my behalf.  I can take it.  "These fuckers  are 

beyond belief; they're mean and don't give a shit how much damage 

they  do."  We played with our food only to indulge in the single 

most  palatable edible on display: ice cream with gobs of

chocolate syrup with a side of coffee.



The big question was, what to do?  The authorities are  certainly 

looking  for a legal response; perhaps another Mitnick or  Phiber 

Optik.   Much  of  the underground cheered when  Mark  Abene  and 

others from the renowned Masters of Destruction went to spend  a

vacation  at the expense of the Feds.  The MoD was up to no  good 

and  despite  Abene's cries that there was no such thing  as  the 

MoD, he lost and was put away.  However many hackers believe as I 

do, that sending Phiber to jail for hacking was the wrong

punishment.  Jail time won't solve anything nor cure a hacker from  his

first  love.   One might as well try to cure a  hungry  man  from 

eating:   No, Mark did wrong, but sending him to jail was  wrong, 

too.   The  Feds and local computer cops and the courts have  to   

come  up with punishments appropriate to the crime.  Cyber-crimes 

(or cyber-errors) should not be rewarded by a trip to an all male 

hotel where the favorite toy is a phallically carved bar of soap.



On  the other hand, hackers in general are so incensed  over  the 

recent swell of headline grabbing break-ins, and law  enforcement 

has  thus far appeared to be impotent, ("These guys  are  good.") 

that many are searching for alternative means of retribution.



"An IRA style knee capping is in order," said one.



"That's  not  good enough, not enough pain," chimed  in  another.  

(Sip, sip. I can almost taste the coffee.)



"Are  you  guys serious?" I asked.  Violence?  You? I  thought  I 

knew them better than that. I know a lot of hackers, none that  I 

know  of  is  violent,  and this  extreme  Pensacola  retribution 

attitude seemed totally out of character.  "You really  wouldn't

do that, would you?"  My dinner companions were so upset and they

claimed to echo the sentiment of all good-hackers in good

standing, that yes, this was a viable consideration.



"The Feds aren't doing it, so what choice do we have?  I've heard 

talk  about  taking up a collection to pay for a hit man .  .  ."  

Laughter around, but nervous laughter. 



"You wouldn't. . ." I insisted.



"Well,  probably  not  us, but that  doesn't  mean  someone  else 

won't do it."



"So you know who's behind this whole thing."



"Fucking-A  we do," said yet another hacker chomping at the  bit. 

He was obviously envisioning himself  with a baseball bat in  his 

hand.



"So do the Feds."



So now I find myself in the dilemma of publishing the open secret 

of who's behind the Internet sniffing and Pentagon break ins, but 

after  talking  to people from both the underground and  law

enforcement,  I think I'll hold off awhile.  It serves no  immediate

purpose other than to warn off the offenders, and none of us want 

that.



Obviously all is not well in hacker-dom.



			* * * * *



The  registration  area  was beyond  full;  computers,  backpacks 

everywhere,  hundreds  of what I have to refer to as kids  and  a 

fair number of above ground security people.  Padgett Peterson of 

Martin  Marietta was going to talk about viruses, Sara Gordon  on 

privacy, Mark Aldrich is a security guy from DC., and a  bunch of   

other  folks I see on the seemingly endless security  trade  show 

circuit. Jeff Moss had marketed himself and the show excellently.  

Los Angeles sent a TV crew, John Markoff from the New York  Times 

popped  in as did a writer from Business Week.  (And  of  course, 

yours truly.) 



Of  the  360 registrees ("Plus whoever snuck in," added  Jeff)  I 

guess about 20% were so-called legitimate security people. That's 

not to belittle the mid-20's folks who came not because they were 

hackers, but because they like computers.  Period.  They hack for 

themselves and not on other systems, but DefCon II offered

something for everyone.



I  remember 25 years ago how my parents hated the way  I  dressed 

for  school or concerts or just to hang out: God forbid! We  wore 

those damned jeans and T-shirts and sneakers or boots! "Why can't 

you dress like a human being," my mother admonished me day  after 

day,  year after year.  So I had to check myself because I  can't 

relate  to Seattle grunge-ware. I'm just too damned old  to  wear 

shirts that fit like kilts or sequin crusted S&M leather  straps.  

Other   than  the  visual  cacophony  of  dress,   every   single 

hacker/phreak that I met exceeded my expectations in the area  of 

deportment.



These  are not wild kids on a rampage.  The stories  of

drug-induced  frenzies  and peeing in the hallways  and  tossing  entire

rooms  of  furniture  out of the window that  emanated  from  the 

HoHoCons  seemed  a million miles away.  This was  admittedly  an 

opportunity  to party, but not to excess.  There was work  to  be 

done, lessons to be learned and new friends to make.  So  getting 

snot  nosed drunk or ripped to the tits or Ecstatically high  was 

just not part of the equation.  Not here.



Now   Vegas  offers something quite distinct  from  other  cities 

which host security or other conventions.  At a Hyatt or a Hilton 

or  any other fancy-ass over priced hotel, beers run $4 or  $5  a 

crack  plus  you're expected to tip the black tied  minimum  wage 

worker  for  popping the top.  The Sahara (for all of  the  other 

indignities we had to suffer) somewhat redeemed  itself by

offering an infinite supply of $1 Heinekens. Despite hundreds of  beer

bottle  spread  around the huge conference area  (the  hotel  was

definitely  stingy in the garbage pail business) public

drunkenness  was  totally absent.  Party yes.  Out of control?  No  way.

Kudos!



Surprisingly, a fair number of women (girls) attended.  A handful 

were there 'for the ride' but others . . . whoa! they know  their 

shit. 



I hope that's not sexist; merely an observation.  I run across so 

few  technically fluent ladies it's just a gut reaction.  I  wish 

there  were more.  In a former life, I owned a TV/Record

production  company called Nashville North. We specialized  in  country

rock taking advantage of the Urban Cowboy fad in the late 1970's. 

Our crew of producers and engineers consisted of the   "Nashville  

Angels."  And boy what a ruckus they would cause when we recorded 

Charlie  Daniels  or Hank Williams: they  were  stunning.   Susan 

produced and was a double for Jacqueline Smith; we  called  Sally 

"Sabrina"  because  of her boyish appearance and  resemblance  to 

Kate Jackson.  A super engineer.  And there was Rubia Bomba,  the 

Blond  Bombshell,  Sherra,  who I eventually  married:  she  knew 

country music inside and out - after all she came from  Nashville 

in the first place.  



When we would be scheduled to record an act for live radio,  some 

huge famous country act like Asleep at The Wheel or Merle Haggard

or Johnny Paycheck or Vassar Clements, she would wince in

disbelief when we cried, "who's that?"  Needless to say, she knew  the

songs, the cues and the words.  They all sounded alike.   Country 

Music?  Ecch.  (So I learned.)



At  any rate, ladies, we're equal opportunity  offenders.   C'mon 

down and let's get technical.



As  the  throngs pressed to register, I saw an old  friend,  Erik 

Bloodaxe.   I've  known him for several years now and  he's  even 

come  over to baby sit the kids when he's in town.   (Good

practice.)    Erik  is about as famous as they come in the  world  of

hackers.   Above ground the authorities investigated him for  his 

alleged  participation in cyber crimes: after all, he was one  of 

the  founders of the Legion of Doom, and so, by default, he  must 

have done something wrong.  Never prosecuted, Erik Bloodaxe lives 

in  infamy amongst his peers.  To belay any naysayers,  Erik

appeared on every single T-shirt there.



			"I Only Hack For Money,"

				 Erik Bloodaxe



proclaimed  dozens of shirts wandering through  the  surveillance 

laden casinos. His is a name that will live in infamy.  



So  I  yelled  out, "Hey Chris!"  He gave  his  net-name  to  the 

desk/table registrar. "Erik Bloodaxe."



"Erik  Bloodaxe?"  piped up an excited high pitched  male  voice.

"Where?"  People pointed at Chris who was about to be

embarrassingly amused by sweet little tubby Novocain who practically bowed

at Chris's feet in reverence.  "You're Erik Bloodaxe?"   Novocain 

said  with nervous awe - eyes gleaming up at Chris's  ruddy  skin 

and blond pony-tail.  



"Yeah,"  Chris  said in the most off handed  way  possible.   For 

people who don't know him this might be interpreted as  arrogance 

(and yes there is that) but he also has trouble publicly

accepting  the  fame  and respect that  his  endearing  next-generation

teenage fans pour on him.



"Wow!"  Novocain  said with elegance and panache.   "You're  Erik 

Bloodaxe."  We'd just been through that said Chris's eyes.



"Yeah."



"Wow,  well,  um,  I  . . . ah . . . you're . . .  I  mean,  wow, 

you're  the best."  What does Sylvia Jane Miller from  Rumpsteer, 

Iowa  say to a movie star?  This about covered it.   The  Midwest 

meets  Madonna.   "Wow!"   Only here it's  Novocain  meets  Cyber 

Christ himself.







Like any other security show or conference or convention there is 

a kickoff, generally with a speech.  And DefCon II was no

exception.  Except.



Most conventional conventions (ConCons) start at 7:30 or 8:00  AM 

because, well,  I don't know exactly why, except that's when  so-

called suits are expected to show up in their cubicles.

DefCon, on the other hand, was scheduled to start at 10PM on Friday

night when most hackers show up for work.  Most everyone had

arrived  and we were anxiously awaiting the  opening  ceremonies.  

But, here is where Jeff's lack of experience came in.  The  kick-

off speaker was supposed to be Mark Ludwig of  virus writing fame 

and controversy.  But, he wasn't there!



He had jet lag.



"From Phoenix?" I exclaimed in mock horror to which nearby

hackers saw the absurdity of a 45 minute flight jet lag.  Mark has a

small  frame and looks, well, downright weak, so I figured  maybe 

flying  and  his constitution just didn't get along  and  he  was 

massaging his swollen adenoids in his room.  



"Oh,  no!  He's  just come in from Australia . .  ."   Well  that 

explains it, alright!  Sorry for the aspersions, Mark.



But Jeff didn't have a back up plan. He was screwed.  Almost four 

hundred people in the audience and nothing to tell them.  So, and 

I can't quite believe it, one human being who had obviously never 

stood  in front of a live audience before got up in an  impromptu 

attempt  at stand up comedy.  The audience was ready  for  almost 

anything  entertaining but this guy wasn't. Admittedly it  was  a 

tough spot, but . . .



"How do you turn a 486 into an 8088?"  



"Add Windows."  Groan. Groan.



"What's  this?"  Picture the middle three fingers of  your  right 

hand wiggling madly.



"An  encrypted  this!"   Now hold out  just  the  middle  finger.  

Groan.  Groan.



"What's  this?"   Spread your legs slightly  apart,  extend  both 

hands to the front and move them around quickly in small circles.



"Group Air Mouse."  Groan. 



The  evening  groaned on with no Mark nor any able  sharp  witted 

comedian in sight. 







Phil Zimmerman wrote PGP and is a God, if not Cyber-Christ

himself to much of the global electronic world.  Preferring to call

himself a folk hero (even the Wall Street Journal used that term) 

Phil's diminutive height combined with a few too many pounds  and 

a  sweet  as sweet can be smile earn him the title  of  Pillsbury 

Dough Boy look alike.  Phil is simply too nice a guy to be

embroiled in a Federal investigation to determine if he broke the

law  by  having PGP put on a net site.  You see, the  Feds  still 

think  they can control Cyberspace, and thereby maintain  antique 

export laws: "Thou shalt not export crypto without our  approval" 

sayeth the NSA using the Department of Commerce as a whipping boy 

mouth  piece.  So now Phil faces 41-51 months of  mandatory  jail 

time if prosecuted and convicted of these absurd laws.  



Flying in from Colorado, his appearance was anxiously awaited.

"He's really coming?"  "I wonder what he's like?"  (Like

everyone else, fool, just different.)  When he did arrive, his shit-

eating  grin  which really isn't a shit-eating  grin,  it's  just 

Phil's own patented grin, preceded him down the hallway.



"Here  he is!"  "It's Phil Zimmerman."  Get down and bow.   "Hey, 

Phil the PGP dude is here."



He  was  instantly surrounded by those who recognize him  and  by 

those  who  don't but  want  to  feel like part of the  in-crowd.  

Chat chat, shit-eating grin, good war stories and G-rated

pleasantries.  Phil was doing what he does best: building up the folk

hero image of himself.  His engaging personality (even though  he 

can't  snorkel to save his ass) mesmerized the young-uns  of  the 

group.  "You're Phil?"  



"Yeah."   No  arrogance,  just a warm  country  shit-eating  grin 

that's  not really shit-eating.  Just Phil being Phil.  He  plays 

the part perfectly.



Despite the attention, the fame, the glory (money? nah . . .) the 

notoriety and the displeased eyes of onlooking Computer Cops  who 

really  do  believe he belongs in jail for 4 years,  Phil  had  a 

problem tonight.  A real problem.



"I  don't have a room!" he quietly told Jeff at the desk.   "They 

say  I'm  not registered."  No panic.  Just  a  shit-eating  grin 

that's not a shit-eating grin and hand the  problem  over  to the 

experts:  in  this case Jeff Moss.  Back to his  endearing  fans.  

Phil is so damned kind I actually saw him giving Cryptography 101 

lessons  on  the corner of a T-shirt encrusted table.  "This  is   

plaintext and this is crypto.  A key is like a key to your  hotel 

room . . . "   If only Phil had a hotel room.



Someone  had screwed up. Damn computers.  So the search  was  on.  

What had happened to Phil's room?  Jeff is scrambling and  trying 

to  get the hotel to rectify the situation. Everyone  was  abuzz.  

Phil,  the  crypto-God himself was left out in  the  cold.   What 

would he do?



When  suddenly, out of the din in the halls, we heard  one  voice 

above all the rest:



"Phil can sleep with me!"  



Silence.   Dead stone cold silence.  Haunting silence like  right 

after  an  earthquake and even the grubs and  millipedes  are  so 

shaken they have nothing to say.  Silence. 



The  poor kid who had somehow instructed his brain to  utter  the 

words  and permitted them to rise through his esophagus  and  out 

over  his  lips stood the object of awe, incredulity  and  mental 

question marks.  He must have thought to himself, "what's

everyone staring at?  What's going on?  Let me in on it."  For the

longest 10 seconds in the history of civilization he had

absolutely no clue that he was the target of attention.  A handful of

people even took two or three steps back, just in case.  Just  in 

case of what was never openly discussed, but nonetheless, just in 

case.



And  then the brain kicked in and a weak sheepish smile of  guilt 

overcame  this cute acne-free baby-butt smooth-faced  hacker  who 

had  certainly  never had a shave, and was barely old  enough  to 

steer his own pram.



"Ohhhhhh . . . . noooooo," he said barely louder than a whisper.

"That's not what I mean!"



I nearly peed laughing so hard in unison with a score of  hackers 

who agreed that these misspoken words put this guy in the

unenviable position of being the recipient of a weekend of eternal

politically incorrect ridicule.



"Yeah, right.  We know what you mean . . "



"No really . . ." he pleaded as the verbal assaults on his

alleged sexual preferences were slung one after the other.



This  poor kid never read Shakespeare: "He who doth  protest  too 

much . . ."  



If  we  couldn't have a great kickoff speech, or  comedian,  this 

would have to do.  



The majority of the evening was spent making acquaintances:



"Hi, I'm Jim.  Oops, I mean 'Septic Tank,'" was greeted with "Oh,

you're Septic. I'm Sour Milk."  (Vive la difference!) People  who 

know  each  other electronically are as surprised to  meet  their 

counterparts  as are first daters who are in love with the  voice 

at  the other end of the phone.  "Giving good phone" implies  one 

thing while "Having a great keystroke" just might mean another.  



The din of the crowd was generally penetrated by the sounds of  a 

quasi-pornographic Japanese high tech toon of questionable

socially redeeming value which a majority of the crowd appeared to

both  enjoy and understand.  I am guilty of neither by reason  of 

antiquity.



And so it goes.



			* * * * * 



Phil Zimmerman must have gotten a room and some sleep because  at 

10AM  (or closely thereafter) he gave a rousing (some  might  say 

incendiary)  speech  strongly attacking the  government's  nearly 

indefensible position on export control.



I was really impressed.  Knowing Phil for some time, this was the 

first  time I ever heard him speak and he did quite an  admirable 

job.  He ad libs, talks about what he wants to talk about and does

so in a compelling and emotional way. His ass is on the line  and 

he  should be emotional about it.  The audience, indeed  much  of 

counter culture Cyberspace loves Phil and just about anything  he 

has  to  say.  His affable 40-something attorney  from  Colorado, 

Phil  DuBois  was there to both enjoy the  festivities  and,  I'm 

sure,  to keep tabs on Phil's vocalizations.  Phil is almost  too 

honest  and open for his own good.  Rounds and rounds of  sincere 

appreciation.







Hey  kids,  now  it's time for another round  of  Spot  The  Fed.  

Here's  your  chance to win one of these wonderful "I  Spotted  A 

Fed" T-shirts. And all you have to do is ID a fed and it's yours.  

Look  around you?  Is he a Fed?  Is she under cover or under  the 

covers? Heh, heh.  Spot the Fed and win a prize.  This  one-size-

fits-all  XXX Large T-shirt is yours if you Spot the Fed.  I  had 

to  keep silent.  That would have been cheating.  I hang  out  on 

both sides and have a reputation to maintain.



"Hey, I see one" screeched a female voice (or perhaps it was

Phil's young admirer) from the left side of the 400+ seat

ballroom.  Chaos!  Where? Where?  Where's the fed?  Like when Jose

Canseco hits one towards the center field fence and 70,000

screaming  fans  stand on their seats to get a better view  of  a 

three inch ball 1/4 mile away flying at 150 miles per  hour, this 

crowd stood like  Lemmings  in view of Valhalla the Cliff to espy  

the  Fed.  Where's the Fed?



Jeff jumped off the stage in anxious anticipation that yet

another anti-freedom-repressive law enforcement person had blown his

cover.   Where's the Fed?  Jeff is searching for the accuser  and 

the  accused.  Where's the Fed?  Craned necks as far as  the  eye 

can see; no better than rubber neckers on Highway 95 looking  for 

streams of blood and misplaced body parts they half expected a Fed

to be as distinctly obvious as Quasimodo skulking under the

Gargoyled parapets of Notre Dame.  No such luck.  They look like

you and me. (Not me.)  Where's the Fed?



He's getting closer, closer to the Fed.  Is it a Fed?  Are you  a 

Fed?  C'mon, fess up.  You're a fed. Nailed.  Busted.  Psyche!



Here's  your  T-shirt.   More fun than Monty  Hall  bringing  out 

aliens  from behind Door #3 on the X-Files.  Good clean fun.  But 

they didn't get 'em all.  A couple of them were real good.   Must 

have  been  dressed  like an Hawaiian surf bum  or  banshee  from 

Hellfire, Oregon.  Kudos to those Feds I know never got  spotted.  

Next year, guys.  There's always next year.



Phil's notoriety and the presence of the Phoenix, Arizona

prosecutor who was largely responsible for the dubiously effective or

righteous Operation Sun Devil, Gail Thackeray ("I change jobs

every 4 years or so - right after an election")  brought out  the 

media.  The LA TV station thought they might have the makings  of 

a story and sent a film crew for the event.  



"They're Feds. The ones with the cameras are Feds.  I know it. Go 

ask 'em."  No need. Not. 



"Put away that camera."  At hacking events it's proper  etiquette 

to ask if people are camera shy before shooting.   The guy that I 

was  sitting next to buried his face in his hands to avoid  being 

captured on video tape.



"What are you; a Fed or a felon?" I had to ask.



"What's the difference," he said.  "They're the same thing."  So

which  was it, I wondered.  For the truly paranoid by  the  truly 

paranoid.   



"Get  that  thing outta here," he motioned to the film  crew  who 

willingly  obliged  by turning off the lights.   "They're  really 

Feds,"  he whispered to me loud enough for the row in  front  and 

behind us to hear.  



I moved on.  Can't take chances with personal safety when I  have 

kids to feed.  Fed or felon, he scared me.



Gail Thackeray was the next act on stage. She was less in

agreement about Phil Zimmerman than probably anyone (except the

undetected Feds) in the audience.  She, as expected, endorsed much of

the  law  enforcement programs that revolve  around  various  key 

management (escrow) schemes.  Phil recalls a letter from Burma

that describes how the freedom fighters use PGP to defend

themselves against repression.  He cites the letter from Latvia that

says  electronic  freedom as offered by PGP is one of  the  only   

hopes for the future of a free Russia.  Gail empathizes but  sees 

trouble  closer  to home. Terrorism a la World Trade  Center,  or 

rocket launchers at O'Hare Airport, or little girl snuff films in 

Richmond,  Virginia,  or the attempt to poison the  water  supply 

outside of Boston.  These are the real threats to America in  the 

post Cold War era.



"What about our personal privacy!" cries a voice.  "We don't want 

the  government listening in.  It's Big Brother 10  years  behind 

schedule." 



Gail  is amused.  She knew it would be a tough audience  and  has 

been through it before.  She is not shaken in the least.



"I've read your mail," she responds.  "It's not all that

interesting."  The audience appreciates a good repartee. "You gotta pay

me to do this, and frankly most of it is pretty boring."  She

successfully made her point and kept the audience laughing all the

way.



She then proceeded to tell that as she sees it, "The  expectation 

of  privacy isn't real."  I really don't like hearing this for  I 

believe  in the need for an Electronic Bill of Rights.  I  simply 

think she's wrong.  "History is clear," she said  "the ability to 

listen in used to be limited to the very few.  The telegraph  was 

essentially  a  party line and still today in  some  rural  areas 

communications aren't private.  Why should we change  it now?"



"Gail,  you're so full of shit!" A loud voice bellowed from  next 

to me again. Boy can I pick seats. "You know perfectly well  that 

cops  abuse the laws and this will just make their  jobs  easier. 

Once people find a way to escape tyranny you all want to bring it 

right back again.  This is revolution and you're scared of

losing.  This kind of puke scum you're vomiting disgusts me.  I just

can't take it any more." Yeah, right on.  Scattered applause.

While  this  'gent' may have stated what was on many  minds,  his 

manner was most unbefitting a conference and indeed, even  DefCon 

II.   This was too rude even for a hacker get-together.  The  man 

with  the  overbearing comments sat down apologizing.  "She  just 

gets  me going, she really does.  Really pisses me off  when  she 

goes on like about how clean the Feds are.  She knows better than 

to run diarrhea of the mouth like that."



"You  know,"  she continued.  "Right across the street is  a  Spy 

Shop.  One of those retail stores where you can buy bugs and taps 

and eavesdropping equipment?"  The audience silently nodded.  "We 

as law enforcement are prohibited by law from shopping there  and 

buying  those same things anyone else can.  We're losing on  that 

front."  Cheers. Screw the Feds.




