Plateforme de Hacking


HackBBS.org est une communauté faisant évoluer un système de services vulnérables.

Nous apprenons à exploiter de manière collaborative des solutions permettant de détourner les systèmes d'informations.
Cet apprentissage nous permet d'améliorer les technologies que nous utilisons et/ou de mieux comprendre l'ingénierie social.

Nous défendons les valeurs de l'entraide, du challenge personnel et contribuons modestement à rendre l'expérience des utilisateurs finaux la plus agréable possible.

Vous pouvez nous rencontrer via notre salon irc.
Le forum est en cours de remplacement par une version plus moderne, et tout aussi faillible que l'ancien ^^.
A ce jours nous enregistrons plusieurs dizaines de hack réussi contre notre site, et ce chiffre est en constante évolution. Merci a tous les contributeurs!

La refonte est en version alpha. Cette nouvelle plateforme permet de pentester à distance sans avoir son matériel à disposition.
Via l'exécution de scripts python connecté en websocket à l'ihm web, nous pouvons piloter le chargement de scénario
d'attaque/défense en "multijoueur" ^^.
Le système permet de charger des scripts de bibliothèques partagées et de chiffrer les échanges selon les modules déployés.
Vous trouverez dans la rubrique article de nombreux tutoriels afin de mieux comprendre la sécurité informatique,
ainsi que différents articles plus poussés.
Hacker
  • Sniffing
  • Cracking
  • Buffer overflow
  • Créations d'exploits
  • Social engineering
  • L'anonymat sur le web, spoofing
  • Bypass-proxy, Bypass-firewall
  • Injection de code SSI, SQL, etc...
  • Utilisation d'exploits, création de scripts(php, irc, perl)

Nous vous recommandons de sniffer votre réseau lors de votre navigation sur le site. La refonte vous fournira un outillage pour réaliser vos attaques/défenses.

Challenges
Vous pourrez également participer à de nombreux challenges
Dernièrement, les missions relativent aux derniers produits open sources marchent bien :)

Votre ultime challenge sera de défacer HackBBS. De nombreuses failles sont présentes. A vous de les trouver et de les exploiter.

Cet ultime test permettra de constater votre réactions face à une faille.
Black ou White? ^^

Ezine du moment: banm-1.dms.txt
    /=======\          //=\\         /-\      ||        /-\      /-\
   ||       |         //   \\       || \\     ||       // \\    // \\
   ||       |    _   //     \\   _  ||  \\    ||  _   //   \\  //   \\
   ||---------  |_| //=======\\ |_| ||   \\   || |_| //     \__/     \\
   ||         |    //         \\    ||    \\  ||    //                \\
   ||         |   //           \\   ||     \\ ||   //                  \\
    \========/   //             \\  ||      \\_/  //                    \\
  B  e  l  l    A  t  l  a  n  t  i  c    N  y  n  e  x    M  o  b  i  l  e 
                                    o  r   
B l u n d e r i n g   A s s h o l e s   w h o   d o n ' t   k N o w  M u c h                               
                                     /\
                                    /--\
                                   /----\
                                 /--------\
                               /------------\
                             /----------------\

                           /--------------------\
                         /------------------------\
                       /----------------------------\
                     /--------------------------------\
                   /------------------------------------\
                  |A Few Bell Atlantic Nynex Mobile Phone|
                  |---Services Explained & other stuff---| 
                   \-------------by mechanic------------/
                     \______________part 1____________/
_________
Contents:
^^^^^^^^^
1.) Forward
2.) Brochure information, some stupid and some not
3.) *VM Voice Mail, what it is, and how to use it from your phone
4.) what it is, how to use Locked Mobile
5.) Closing

section: 1
_______
Forward 
^^^^^^^
 
        Hello there, I know whis may be known to alot of people as general 
information, but what the h/p scene is lacking nowadays is information. 
The h/p scene is all about learning and sharing your knowledge. I write about
what I know about, no matter how insignifigant. Becasue the more that is made
availible to the scene, the more people will learn, and maybe be able to use
some day. Because learning is the whole point of hacking. Right? This is 
probably on of the most widely argued topics within the scene, but that is my
view. Enough with the chit-chat crap, and onto the file. Oh yea, and please
excuse the lame ascii attempt at the top, it's 2 am, played with the VMS8 
enuff for tonight, and am bored as hell. Looked cool at the time, I have been
awake for about 36 hours, strung out on NoDoz, Jolt, Krank20, Soda, and Kona,
soo, heh, okay.
        Welp, In this issue I hope to cover most of the options, menu's, 
and what to do's, with BANM's phone services offered such as *VM Voice Mail, 
TalkDial, and a few cool things that can be found in brochures that are found
at almost any BANM location, such as "programming instructions" and BANM 
service numbers. (I enjoy hanging out at my local BANM store, and making free
calls from the display phones there...) oh yea, at almost any BANM store,  
they have "Display" phones out on the floor. 90% Of these phones are on and
usable, just either ask a dumb sales clerk if you can make a call on it to 
try it out, and/or make the call descretly to defcon (801-855-3326), and tell 
them where ya are. ;) If you happen to get kicked out of the store, go down
the street to the next cell phone place, and do the same thing. This makes 
for hours of fun.


section: 2
______________________________________________
Brochure information, some stupid and some not
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
        Welp, while at the store the other day making my usual daily calls to
friends, family, and other memb's of DMS, I was looking through a brochure, 
and saw a few things that were interesting. First, on one of the inside covers
I saw a diagram explaining how to program a new number into a phone, including
ESN programming and such, this is a crude form of what it looks like.

                   PHONE PROGRAMMING INSTRUCTIONS
     ___________________________________________________________
    |                                         |                 |
    | ENTER                                   | PHONE DISPLAYS  |
    |_________________________________________|_________________|
    |                                         |                 |
    | Step 1   While holding down the [FNC]   |     PHONE#      |
    |          button turn on the phone by    |                 |
    |          pressing the [PWR] button      |                 |
    |_________________________________________|_________________|
    |                                         |                 |
    | Step 2   Enter your new cellular phone  |                 |
    |          number (including area code)   |      SIDH#      |
    |          Press [SEND]                   |                 |
    |_________________________________________|_________________|
    |                                         |                 |
    | Step 3   Enter 5 digit SID              |       ESN       |
    |          Press [SEND]                   |                 |
    |                                         |                 |
    |          Press [END] to exit programming|                 |
    |_________________________________________|_________________|

( this is assuming your phone is a Motorola Cell Clone, errr... Phone :)
 
 * the caps letters in between the []'s are buttons.
 * what the PHONE DISPLAYs column is for is what the phone is expecting to   
   be entered by the programmer into the phone.
 * a SID is a Carrier .S.ystem .ID.
 * These programming instructions are to be followed with a new fone, to 
   enter the new phone number into the phone, after dialing
   1-800-523-7961 ( Bell Atlantic Nynex Mobile Activation Center )
   I have not really played with this much, but you may be able to social e
   some ESN's and such out of the operators, because we all know that 99.9%
   of the operators in this world are dumbas bricks, who follow a given set 
   of instructions to follow, and what to say, etc.. refer to the older DMS 
   file I wrote on social engineering techniques.

Some customer service numbers for BANM that I found throughout a few pamphlets 
were:

For Eastern Massachusetts
    Rhode Island 
    Rockingham County, NH.....................................1-800-538-4747

For Conneticuit
    Western Massachusetts.....................................1-800-852-3630
*some options from the main menu on this C-S line are as follows:
  the only interestiong one i thought was "Press one for PIN code 
  information......"


section: 3
_____________________________________________________________
*VM Voice Mail, what it is, and how to use it from your phone
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

        *VM voice mail, from BANM, is just another voice mail service offered
by the "profiteering gluttons". It is BANM's "easy to use" voice mail 
service. I looked through it, and uless you have a photographic memory, this
guide will come in handy when playing with this service.

Setting up your voice mail for the first time:
----------------------------------------------
1. Press [CLR]
2. Press [*] [V] [M] (*86) [SEND]
   (or dial your cellular number from a touch tone phone)
3. When the recorded announcement begins, interrupt the message by pressing 
   [#]
4. Enter your tempory password of 1 + the last four digits of your cell fone
   number. 
 
 (*!* Great security feature eh!? welp, most people, like on systems, tend
      to stick with their defualt password, so you can break into / take 
      over a good amount of *VM mailboxes this way. Defaults anywhere are a
      good thing to know first off.)
5. Create your personal 4 to 15 digit password.
 
 (*!* In most cases, if they do change it, it will be something like a home 
      phone number, the cell phone number, birthdate... etc, GO TRASHING@#$)

6. Record your personal greeting.

Message waiting indicator:
--------------------------
This will notify you of new messages in your mailbox
To turn notification on/off:
1.) Enter the main menu
2.) Press [4] (personal options)
3.) Press [1] (outcall notification)
4.) Press [3] for ON or [4] for OFF

Retrieving Messages:
--------------------
1.) Dial your cellular number, or press [*] [V] [M] [SEND]
    (messages can also be retrieved by dialing your cellular number from a
     phone / office phone)
2.) Press [#] when you hear the greeting.
3.) Enter your password. 
4.) To retrieve messages press [1]
5.) To save a message, press [9]
    To erase a message, press [7]

Geeting messages from outside your local calling area (npa):
------------------------------------------------------------
1.) Conneticuit:                              203-494-MAIL
    Western Massachusetts:                    413-448-1600 
    Vermont:                                  802-238-MAIL
2.) Press [SEND]
3.) After the promt, dila your 10 digit cellular number
4.) then follow the retriving messages section above

Limits for basic and enhanced voice mail packages:
--------------------------------------------------
Max greeting length...........................30 seconds
Max greeting length for enhanced..............2 minutes
Max message length............................5 minutes
New messages retained on system...............30 days
Saved messages retained on system.............30 days
Max number of messages........................40

Playback controls 
- - - - - - - - -
while lstening to a message
---------------------------
[1]             rewind message 10 seconds
[1][1]          rewind to start of message
[2]             pause (press again to resume)
[3]             move 10 seconds forward
[3][3]          goto the end of the message
[4]             slow playback
[5]             date and time of message
[6]             increase speed of message
[7]             erase message
[8]             return volume to normal
[9]             increase volume
[#]             skip to next message

To change your password:
------------------------
1.) enter the main menu
2.) press [4] (personal options)
3.) press [2] (administrative options)
4.) press [1] (password)
5.) press [1] to change or establish your password*
        * this meaning that some mail boxes may not even have a password set
          I am not sure of the defualts but it is probably something like the
          last 4 digits of the number, 0000, or 9999

To change or select your personal greeting:
-------------------------------------------
1.) enter the main menu
2.) press [4] (personal options)
3.) press [3] (greetings)
4.) press [1] to select or change Personal Greeting
5.) press [2] to select or extend absence greeting
6.) press [3] to change your name

Heres is a layout of the system, and the all the menu's
----------------------------------------------------------------------------
caution: this may get confusing as hell, especially if the text is distorted
         in any way.
----------------------------------------------------------------------------
the *'s mean that another menu branches off of that option

MAIN MENU:
check messages:
[1][1]          unheard messages
[1]             listen*
[2]             send* (enhanced package only)
[3]             check receipt* (enhanced package only)
[4]             personal options*
[5]             restart
[*]             disconnect from Voice Mail System (VMS)

menu: [1] from main menu (listen)
---------------------------------
               rewind    pause/restart   forward
position        [1]           [2]          [3]

               slower       envelope      faster
speed           [4]           [5]          [6]

             (nothing)       normal       louder
volume          [7]           [8]          [9]

                     ||||||
                     \====/
                       \/
                         
                skip message [#]
                 
               -after listening-

[4] replay
[5] envelope
[6] send copy
[7] erase*    =======>  [*] return to main menu
[8] replay
[9] save

menu: [2] from main menu (send)
-------------------------------
from 
main 
press [2] ==> record messages ==> end [#] ==> press [1] to replay ==\ 
          /---------------------------------------------------------/
          \=> enter destination mailbox (another menu comes up):                                                            

     -private [1] ==> [#] send ==> enter additional destination
                            \==> no more destinations (quit) [*]
     -urgent [2] ==> [1] confirm receipt              
                    [2] notify of non-receipt    
     -message confirmation [3]
     -future delivery [4] ===> follow prompts to set up scedule

menu: [3] from main menu (check receipt
---------------------------------------
from main press [3] ==> enter mailbox number 

menu: [4] from main menu (personal options) ==> (another menu):

        [1] notification on/off  ==> [1] on | [2] off
        [2] administrative options  ==> (another menu):
                   [1] passwords ==>  [1] to change or establish password
                   [2] group dist. lists ==> [1] create; [2] edit; [3] delete; 
                                            [4] list names
                   [3] prompt level ==> [1] standard; [2] extended; [3] rapid
                   [4] date/time
        [3] greetings ==> [1] personal sceduled greeting
                          [2] extend absecse greeting
                          [3] name
        [4] notification scedule => follow the system prompts to set up
                                    pager scedule


closing note on the *VM Voice Mail system
-----------------------------------------
        I hope this will help you through your navigation of the *VM system.
and I also hope that this isn't distorted in any way, best to view this in
dos or a *nix system.


section: 4
----------------------------------------
What it is, and how to use Locked Mobile
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
        Locked mobile is a service that comes on most phones now, that you
have to enter your personal PIN number to use the phone. This is a breif 
guide on how to use the Locked Mobile system on your clone... errr.. phone =]
Also, note that Locked Mobile doesn't restrict incoming calls or emergency 
calls to *911. This is a really dumb form of security on phones. Seeing as how
people can call you, you can still ride up the minutes on a phone anyways. 
You will just have to have everyone call you on your phone if it is closed, 
unless you can figure out the PIN number to the phone. Which is still better
than actually paying for services.

        To lock your cellular service:
                - press [*] [5] [6] + PIN # + [SEND]
                - after the confirmation tone, press [END]

        To unlock your cellular service:
                - press [*] [5] [6] [0] + PIN + [SEND]
                - after the confirmation tone, press [END]

        To change your PIN code:
                - dial 1-800-852-3630* + [SEND]
                   *this is a good number to have, seeing if you cannot find
                    the PIN code, you can social e the PIN number out of the
                    operator, you just have to know a little information 
                    about the phone you cloned

                - Follow the voice prompts

        Once you have unlocked your cellular service, it will remain unlocked
        until you:
                - manually lock your service by dilaing [*] [5] [6] + PIN +
                  [SEND]
                - turn off your phone for a min. of 23 minutes in your home 
                  market (cell site)      
                - begin roaming or travel to a new roaming market.


section: 5
-------
Closing
^^^^^^^
        Welp, that's it for the first part of this series, took me a few
hours to write, so I hope at least some of you like it. This is the first part
of a series that will never end... because there are soo many cellular
services offered by BANM. Oh well... get this and other phine philes phrom:
http://mechanic.base.org | the DMS Homepage.
ttyl
.






Manifest
Le but de ce site est de mieux comprendre la sécurité informatique.
Un hacker par définition est une personne qui cherche à améliorer les systèmes d'information dans le seul et unique but de contribuer à la stabilité de ces systèmes!
La croyance populaire laisse entendre que les hackers sont des pirates.
C'est vrai. Mais il y a différents types de pirate.
Tout comme il y a différents types de personnes.
Les bavures courantes auxquelles on pense lorsqu'on évoque le terme de pirate informatique
seraient les hacks de compte msn, ordinateurs lâchement trojantés avec des exploits déjà tous faits
et encore peut-on classifier en tant que hack le fait de spammer
alors que depuis plus de 15 ans des scripts tous faits le font extrêmement bien?

Ce ne sont pas des hackers qui font ça!!!
Nous appelons ces gens des lammers! Quand ils sont mauvais,
ou des black hat lorsqu'ils sont doués dans la mise en application de leurs méfaits.
Aucun amour propre - Aucune dignité
Agissent par dégout, vengeance ou simple plaisir.
Les raisons peuvent être nombreuses et je ne prétends pas devoir juger qui que ce soit.
Je pense juste que l'on ne doit pas utiliser l'épée de fly pour commettre des injustices.
Il est 100 fois plus profitable d'améliorer un système que de marcher sur un château de sable... même si marcher sur un château de sable est rigolo :P
A vous de trouver votre amusement. ;)

Tu peux réagir sur la shootbox


Disclaimer Veuillez lire obligatoirement les règles ci-dessous avant de consulter ce site.
Conformément aux dispositions des différentes lois en vigueur, intrusions et maintenances frauduleuses sur un site, vol et / ou falsification de données.
Vous ne devez en aucun cas mettre en application les stratagèmes mis en place par ce site, qui sont présentés uniquement à titre d’éducation et de recherche dans le domaine de la protection de données.
Vous ne devez en aucun cas utiliser ce que vous aurez découvert, sauf si vous avez une autorisation écrite de l’administrateur d’un site ou que celui-ci vous ai ouvert un compte uniquement pour la recherche de failles.
Tout cela est interdit et illégal ne faites pas n'importe quoi.
Vous acceptez donc que l'administrateur de ce site n'est en aucun cas responsable d'aucun de vos actes. Sinon quittez ce site.
Vous êtes soumis à ce disclaimer.
ET À CE TITRE, NI LA COMMUNAUTÉ, NI L'ADMINISTRATEUR, NI L'HÉBERGEUR, NE POURRONT, NI NE SERONT RESPONSABLE DE VOS ACTES.