Plateforme de Hacking est une communauté faisant évoluer un système de services vulnérables.

Nous apprenons à exploiter de manière collaborative des solutions permettant de détourner les systèmes d'informations.
Cet apprentissage nous permet d'améliorer les technologies que nous utilisons et/ou de mieux comprendre l'ingénierie social.

Nous défendons les valeurs de l'entraide, du challenge personnel et contribuons modestement à rendre l'expérience des utilisateurs finaux la plus agréable possible.

Vous pouvez nous rencontrer via notre salon irc.
Le forum est en cours de remplacement par une version plus moderne, et tout aussi faillible que l'ancien ^^.
A ce jours nous enregistrons plusieurs dizaines de hack réussi contre notre site, et ce chiffre est en constante évolution. Merci a tous les contributeurs!

La refonte est en version alpha. Cette nouvelle plateforme permet de pentester à distance sans avoir son matériel à disposition.
Via l'exécution de scripts python connecté en websocket à l'ihm web, nous pouvons piloter le chargement de scénario
d'attaque/défense en "multijoueur" ^^.
Le système permet de charger des scripts de bibliothèques partagées et de chiffrer les échanges selon les modules déployés.
Vous trouverez dans la rubrique article de nombreux tutoriels afin de mieux comprendre la sécurité informatique,
ainsi que différents articles plus poussés.
  • Sniffing
  • Cracking
  • Buffer overflow
  • Créations d'exploits
  • Social engineering
  • L'anonymat sur le web, spoofing
  • Bypass-proxy, Bypass-firewall
  • Injection de code SSI, SQL, etc...
  • Utilisation d'exploits, création de scripts(php, irc, perl)

Nous vous recommandons de sniffer votre réseau lors de votre navigation sur le site. La refonte vous fournira un outillage pour réaliser vos attaques/défenses.

Vous pourrez également participer à de nombreux challenges
Dernièrement, les missions relativent aux derniers produits open sources marchent bien :)

Votre ultime challenge sera de défacer HackBBS. De nombreuses failles sont présentes. A vous de les trouver et de les exploiter.

Cet ultime test permettra de constater votre réactions face à une faille.
Black ou White? ^^

Ezine du moment: p08-09.txt
                                ==Phrack Inc.==

                    Volume One, Issue Eight, Phile #9 of 9

PWN                                                                         PWN
PWN                            Phrack World News                            PWN
PWN                                                                         PWN
PWN                          Issue Seven/Part Two                           PWN
PWN                                                                         PWN
PWN                Compiled and Written by Knight Lightning                 PWN
PWN                                                                         PWN

P-80: Sting Board?                                              August 28, 1986
Below is a compilation of miscellaneous messages taken from the Communication/
Phreak section and the Elite user section of Pirate 80 Systems, a BBS run by
Scan Man, also known as Scott Higgonbotham.  Everything in []s are notes from
Sally Ride and myself.

                              ******        ******
                              ******        *******
                              ******        ********
                              ******        ******
                              ******  E I G H T Y

                                WELCOME ABOARD

                           <> Knowledge is Power <>
                           <>  Thomas Jefferson  <>

            [Enter:  An up and coming young phreaker named Shawn.]

05/28/86 19:43:24 (Read 42 Times)

               800 626 9600 CODE (XXXXXXX)
               800 222 4482 CODE (XXXXXX)
               800 521 8400 CODE (XXXXXXXX)
               800 227 0073 CODES (xxxxXxx X=0-9)
PBX: 312 455 7287 (CODE XXXX+Y)
503 652 6016:  ID:  XXX,XXX PASS ****


[In the above message, the numbers were followed by codes that I have since
censored out.  This magazine will *NOT* publish codes.]
[It's common knowledge that a BBS userlog must be blanked before a BBS can be
used as a sting board.  I've also heard that law enforcement officials have
been trying to bust P-80 and Scan Man for a long time, but have not been able
to accomplish anything.  Even the infamous Detective Dan Pasquale {See past
issues of Phrack World News, "Phoenix Phortress Stings 7" and "Oryan QUEST Vs.
Dan Pasquale"} and John Maxfield, head of BoardScan, are frustrated at being
unable to deal with Scan Man.  On June 20, 1986, or thereabouts, the following
message appeared in the logon to P-80;

                         "BI-ANNUAL USERLOG CLEANUP IN
                          EFFECT.  ALL MEMBERS PLEASE
                          RE-LOGIN AS A NEW USER..."]

06/20/86 22:04:41 (Read 50 Times)
From: ICARUS 1

TMC has just nailed a hacker associate of mine for $935.  The destination
numbers were called and someone spilled their guts.  The guy who got busted
is worried because the Alliance bills have not come in yet.  TMC users beware.
Make sure your friends are amnesiacs as the phreaker's bible says.


[Some friendly advice from Icarus 1, too bad not everyone heeded the message.]

06/21/86 19:44:09 (Read 44 Times)
From: ICARUS 1
To: SCAN MAN (Rcvd)

He was busted by TMC in the state of Nebraska.


06/21/86 20:43:10 (Read 43 Times)
To: ICARUS 1 (Rcvd)

Hey check it out, I use TMC in Youngstown, Ohio (216-743-6533), but when TMC
calls my phreak friends, they think the calls originate from Akron, Ohio which
is 60 or so miles away.  So when TMC calls and asks, "Do you know anyone in
Akron?" people usually are honest and just say no.  So even if I call
+relatives, etc. usually I'm safe.


06/21/86 05:30:37 (Read 51 Times)
Subj: TMC

What is the number to TMC?  I just want to know so that I'm sure not to use it.
Oh well, thanx and later.

          \_The Falcon_/

06/23/86 13:06:23 (Read 44 Times)
To: ICARUS 1 (Rcvd)

Well I told you guys a while ago that this would happen so stay away from them.


06/23/86 17:15:41 (Read 47 Times)
Subj: TMC

I was wandering around some guys hard drive this weekend and found some AT&T
mail regarding TMC.  From what I understand TMC is involved in the AT&T
AGETRIAL project.  Which indicates to me that TMC is also into computers and
consequently knows what a hacker is.  Another thing that was found was some
information on the 1PSS switch that has been developed by AT&T and has already
been deployed in dome BOCS and other communications networks.  This troubles me
in that this is the first that I have heard about it.  I meant to say that it
has been deployed on some networks already.  If you have any valid information
on the 1PSS SWITCH please post it and it will show up in the P.H.I.R.M. update
issue for July, giving you credit for the information of course.


07/13/86 13:48:51 (Read 75 Times)
To: SHAWN (Rcvd)

GOT ANY CODES FOR 800-451-2300?

[***IMPORTANT***  This is TMC's Miami, Florida dial-up.  An interesting request
from the sysop of one of the nation's top code boards.  For those of you who
remember it was Scan Man who asked the infamous Whacko Cracko Brothers, Inc.
{See PWN Issue II, "The Life And Crimes of The Whacko Cracko Brothers, Inc."}
to scan some codes on a certain dial-up just before they were arrested.  Now he
is asking Shawn for TMC codes, kinda interesting that Shawn got investigated
less than a week later by TMC Security Department isn't it?]

08/10/86 06:41:48 (Read 34 Times)
To: SCAN MAN (Rcvd)

Well sorry it took me so long to find this message I kept forgetting to look at
this one.  Anyway if you really need some [codes, referring to the last
message] I can dig some up easy enough well hack some I should say noting you
can get about 100 in a matter a 10 or 15 minutes so its no big deal to me
either way also watch 800 637 7377 I'm telling you now people that this company
has tracing stuff and I have talked with them they offer me a job and I'm goin
to take it but dont worry I'm not goin to be busting people I have to make it
so you guys cant get in notin it is very easy to make it at least very hard to
do ho well be careful.

[Be careful indeed! 800-637-7377 is TMC's Las Vegas dial-up.  What would you do
if you were about to lose your computer and maybe your freedom?  Work for the
other side?  The kid really has a way with words, I haven't seen spelling and
grammer like that since first grade.  As for his not busting people, isn't that
a laugh, he has already stated that he will bust anyone he can starting with
the lower level phreaks who are only into code abuse.]

08/10/86 13:14:13 (Read 34 Times)

To all users of Phreaker's Quest...

What happened to it? It just rings. If you have any info. Leave mail or

08/13/86 06:58:12 (Read 30 Times)

Well you see I came very close to getting busted they called my voice line that
is TMC of 800 637 7377 and I have never given it out to anyone at all [I bet!]
so I knew that i was in for it they told me they knew I ran a board and they
said they could not get in I kept deleted them haha anyways I had 2 choices 1
take it down 2 get busted.

[Wonder how they got your home number Shawn?  Did you give it out for
validation on Pirate-80?  Maybe around the time of the "Bi-annual userlog
cleanup"?  Or, could it be the cops are smart enough to ask the phone company
for any other line running into a house where a suspect BBS is running?]

08/12/86 19:10:47 (Read 29 Times)
Subj: TMC

Listen people... it is time to stop screwing with TMC.. (7377 number).  Our
good friend Shawn of Phreakers Quest just had his BBS put down from them.
Shawn met some guy from TMC, and they have had ANI on the number for months
now.  If you value your own security, throw away any and all TMC information
NOW, or you might be suffering the consequences later.

For details on the "Bust" call Theives Underground II.  It's SCARY!


08/12/86 23:50:02 (Read 28 Times)
To: JIM RATH (Rcvd)
Subj: REPLY TO MSG# 9052 (TMC)

          Where is Thieves Underground located?

[Why is Scan Man so interested in what Shawn is saying about his experience
with TMC?  I mean plenty of people on Pirate-80 have run-ins with some form of
security everyday and he doesn't go researching them, why is this "TMC Run-IN"
so important to him?   Maybe he has a personal reason to be interested, then
again maybe not.]
08/14/86 13:36:37 (Read 25 Times)
To: SCAN MAN (Rcvd)
Subj: REPLY TO MSG# 9054 (TMC)

I believe TU is in Texas somewhere.. dunno where exactly (never really bothered
remembering).. 214 AC though

08/15/86 03:54:20 (Read 16 Times)
To: JIM RATH (Rcvd)
Subj: REPLY TO MSG# 9052 (TMC)

If you want some details why dont you just ask me seeing as though i would be
the one to ask the TU only knows what i tell him and scan man i need to talk
with you about this they did have an idea of some things going on here and so
one i would rather say it to yo then type it in


Indeed, what is going on here Shawn?  Just what did TMC mention about
Pirate-80?  And why not post it in on the public boards?  For the answer to
that maybe one could talk to Jeff Namey who works for TMC and is very proud to
acclaim the efforts of one Scott Higgonbotham and his sting BBS Pirate 80 which
has, in his own words, "Saved my company from near bankruptcy at the hands of
the hackers."

It is also interesting to note that Scan Man recently admitted to being a
computer security consultant in Phrack Pro-Phile IV.  He said his boss didn't
know about his outside phreak/hack interests.

Scan Man also claims to have infiltrated various security organizations.  I
wonder if he has infiltrated or simply joined as a regular member.

The following are highlights of a conversation with Ben Graves of TMC, around
August 25th or 26th (SR=Sally Ride   BG=Ben Graves):

SR:  Mr. Graves I need to talk to you about one of your employee's a Scott
     Higgonbotham (Scan Man).

BG:  What about Scott?

SR:  Well, my company is concerned with the impact of computer hackers on our
     business.  Scott attended a convention in Miami around January and gave
     his business card to one of our security people.  I'm following up on
     their conversation with the idea that perhaps my company could be given
     access to Scott's electronic bulletin board.  In this way we could monitor
     for hackers abusing our codes.

BG:  That may be something we can arrange.  I know that Scott has been a great
     help to TMC since we were able to pick him up.  We began to have a big
     problem with hackers awhile back and Scott seems to have some of the
     answers.  He's not in right now, can I have your number and I'll have him
     call you back?

SR:  You sure can.  So, Scott's bulletin board has helped you reduce your
     losses to toll fraud?

BG:  Well,  that's just one of the ways Scott has used to work on the problem.
     But, he has been very effective.

SR:  Thanks, Ben, I'll be waiting for the call.
The following are highlights of conversation with Pauline Frazier of TMC from
around September 5, 1986   (Sally Ride: SR   Pauline Frazier: PF)

Operator:  TMC, may I help you?

SR:  Yes, Ben Graves, please.

Operator:  I'm sorry, Mr. Graves is no longer employed here.

SR:  Oh!? Well, is Scott Higgonbotham in?

Operator:  One moment, please.

PF:  Hello, this is Pauline Frazier, I'm the office manager, may I help you?

SR:  Well, maybe, I was trying to reach Ben Graves, I just talked to him last
     week about another one of your employees, Scott Higgonbotham, now the
     receptionist says Ben no longer works here.

PF:  Yes, that is true, and neither does Mr. Higgonbotham.

SR:  May I ask why?

PF:  I'm really not able to say much, I think you should talk to our
     Regional Security Director,  Kevin Griffo, he's on 804-625-1110.  He could
     tell you much more than I can.

SR:  O.K., but maybe I should tell you why I'm interested.  I  was talking to
     Ben about an electronic bulletin board Scott is running.  My company has
     someone on it and we're concerned that things might not be legal on there.
     There are access codes being posted of my company's and yours'.  Could
     that be why they're no longer employed?

PF:  Do you mean he is posting TMC codes on there?

SR:  Well, I can't say he's the one posting the codes, but he is letting them
     be posted, along with a lot of other information such as computer logins
     and passwords.

PF:  Well, you know I never did like it when they hired that fellow.  And,
     I told them so, too.  When he started we had a problem with toll fraud,
     but nothing like it is now.   He was able to catch a few of those hackers
     while he was here, and we pressed charges, but the problem just seemed to
     get worse and worse.

SR:  So, he actually had some hackers arrested?

PF:  Yes, several.  He started working here in Charleston and then they
     sent him to New York when things got bad up there.   But, things never
     have gotten any better since he's started here or in New York either.
     Sir, please, call Mr. Griffo about all this he can tell you more than I.

SR:  I will.  Do you think he'd be in now?

PF:  Well, it's late here and he's probably gone home, try Monday.

SR:  Thanks, I will.

     (But you told me plenty, sweetheart!)

[For the record I had a VERY similar chat with Pauline Frazier, it turned up
the same results.]
The following are highlights of a conversation with Kevin Griffo, TMC,
September 9th (Sally Ride:  SR  Kevin Griffo: KG).

Oper:  TMC, may I help you?

SR:  Yes, Kevin Griffo, please.

Oper:  His line is busy now, can he call you back?

SR:  Well, this is urgent, may I hold?

Oper:  Certainly, I'll let him know you're holding.

KG:  Hello, this is Kevin.

SR:  Mr.  Griffo I've been referred to you by one of your Charleston employees,
     Pauline Frazier.  She felt I should tell you what I told her yesterday
     about one of your now former employees, I think, Scott Higgonbotham.

KG:  Yeah, we let him go just last week.  What about him?

SR:  My company feels Scott is running an illegal BBS and has for sometime been
     allowing access codes to be posted.  Codes for your company's toll
     switches as well as ours and other's are being entered on his system as
     well as computer system logins and passwords.

KG:  Well, I'm not surprised.  I have been to Scott's home to see the bulletin
     board.  I knew codes were being posted, but I thought he was taking care
     of reporting them.

SR:  May I ask why you let him go?

KG:  Certainly, Scott just wasn't solving our problems.  In fact, some of our
     people have thought he was somewhat to blame for many of them.   Even
     though, at first, he appeared to be the answer.  He was able to identify
     several computer hackers for us.

SR:  So, he did bust some hackers?  Has he done so recently?  I think a young
     man using the name Shawn on the bulletin boards was recently identified by
     your company.

KG:  No, he hasn't gotten anyone recently that I'm aware of, but he could have
     turned them over to one of the local franchises.  You see TMC is a
     franchise operation.   We try to help the franchises, but many do their
     own thing.  We wouldn't necessarily know about all that goes on.

SR:  I'm sorry to hear you had this trouble.  Perhaps, my company could
     be of assistance.  We do work of a similar nature.

KG:  I'd certainly be interested in any help you could give.  Can you put
     together a written proposal?
I also had an interesting conversation with Larry Algard of Pacific Northwest
Bell.  He confirmed that he had met Scott Higgonbotham at the Miami CFCA
conference last January.  He also mentioned that Scott had told him about his
"sting" bulletin board, Pirate-80 in West Virginia.

For those who are interested:

TMC (Charleston Office).......................304-345-7275
Pauline Frazier, Office Manager (TMC).........See above
Jeff Namey, Accounts Receivable (TMC).........304-744-6555
TMC (Miami Office)............................305-371-3544
TMC (Tidewater)...............................804-625-1110
Larry Algard (Pacific North West Bell)........503-242-8862
Pacific North West Bell (Employee Directory)..800-426-7039

Or write to;   TMC
               405 Capitol St.
               Parlor Suite
               Charleston, West Virginia 25301

All the thoughts in []'s and other information are the insane ramblings of
Sally Ride:::Space Cadet and Knight Lightning, you tell me, are we spaced out
or what?!   The TMC employee interviews were by Sally Ride:::Space Cadet with
me doing the background information.

It was at this point in time that we decided to have a talk with Scan Man
directly and give him a chance to clear his name and reputation.

Unfortunately, Scan Man was very uncooperative and constantly avoided answering
the questions I asked him.  He also added that everything said in the
interviews were lies.  He claims that Kevin Griffo has never been to his house,
he doesn't know Ben Graves, and Pauline Frazier hated him because she knew he
was a hacker.

He then went on to imply that Sally Ride:::Space Cadet was actually an employee
of some communications carrier himself because of the terminology he used in
some of his posts on P-80.

Scan Man claimed that he has been telling people that he worked for TMC for
quite some time and he only needed the codes from Shawn because he was going to
be in Miami later that week.  In other words, Shawn's near bust and his asking
for TMC codes may have been a simple coincidence.

He claims to have done system analysis for TMC, but also admitted to securing
some of their computer systems, which isn't a crime.

As for his being at the Miami CFCA conference, I will assume that he was
infiltrating the con and was spotted as being a hacker.  In order to gain the
respect and confidence of the security officials, he told them that his
bulletin board was a sting.   Now, that story completely is believable with the
exception of how he arrived, a plane trip paid for by TMC.

Scan Man's last words contained a threat that if this affected his home life,
he would personally track down the writers and contributors and shoot them with
his rifle.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Notes from KL:

One thing that I should mention is the fact that Pirate-80 has *NEVER* been
busted or investigated.  I mean its not hard to get onto and there are codes
plastered everywhere you look.  How many boards do you know of that have been
busted for having codes on them?  One example of this is with the credit card
numbers owned by Richard Sandza, author of "The Night Of The Hackers" and "The
Revenge Of The Hackers," both printed in Newsweek Magazine.

"It wasn't long before I found out what was being done with my credit-card
 numbers, thanks to another friendly hacker who tipped me to Pirate 80, a
 bulletin board in Charleston, W. Va., where I found this:  'I'm sure you guys
 have heard about Richard Standza [sic] or Montana Wildhack.  He's the guy who
 wrote the obscene story about phreaking in NewsWeek [sic].  Well, my friend
 did a credit card check on TRW...try this number, it's a VISA...Please nail
 this guy bad...Captain Quieg [sic].'"

See this?  This was published in "The Revenge Of The Hackers" in Newsweek
Magazine!  And what happened to P-80?  Nothing!  Here Richard Sandza has just
announced to thousands of people that P-80 has credit card numbers posted on it
and nothing happened.  Why?  The answer to that is left to the reader.

There are a few other things to mention about Scan Man/P-80/TMC.  Supposedly
all of the computer equipment that P-80 runs on was donated by TMC themselves.
It is also believed that Scan Man's only duty to the company was to report TMC
codes so that they could be turned off.  It would appear that this had changed
but, we at Phrack Inc. in no way take any opinion whatsoever about the
innocence or guilt of Scan Man.  We leave it to the reader to decide for

I'm sure all parties concerned would appreciate you NOT calling the above
numbers if all you plan to do is harass people or anything else among those
same lines.  After all a job is a job and harassing someone wouldn't do
anyone any good either, it would just make them mad.  If you are going to call,
make sure it is for knowledge purposes only!  Above all do NOT call Scan Man to
harass him or his innocent family.  My suggestion is that if you feel that Scan
Man is an informant or whatever, then stop just calling his board.

One last thing, a *VERY* big thank you to Sally Ride:::Space Cadet for a job
well done and for all the time he spent working on the article.

                            Information Provided by

                  Knight Lightning & Sally Ride:::Space Cadet

                          and directly/indirectly by

     Blade Runner/Evil Jay/Forest Ranger/Icarus 1/Jack The Ripper/Jim Rath
Johnny Rotten/Larry Algard/Max Madness/Oryan QUEST/P-80 Systems/Scan Man/Shawn
              Suicidal Nightmare/Taran King/The Falcon/TMC Staff

                          and other Anonymous Sources

PS: For those interested, this investigation was sparked by the interception of
    a memo from Larry Algard (Pacific Northwest Bell) to his boss, George Reay.
    What was in the memo?  Several things, but mostly it spoke of the January
    CFCA (Communications Fraud Control Association) conference in Miami,
    Florida where Larry met one Scott Higgonbotham, Security Director for TMC
    (Tele-Marketing Company) who told him that he operated a "sting" bulletin
    board named Pirate 80 in West Virginia.

Le but de ce site est de mieux comprendre la sécurité informatique.
Un hacker par définition est une personne qui cherche à améliorer les systèmes d'information dans le seul et unique but de contribuer à la stabilité de ces systèmes!
La croyance populaire laisse entendre que les hackers sont des pirates.
C'est vrai. Mais il y a différents types de pirate.
Tout comme il y a différents types de personnes.
Les bavures courantes auxquelles on pense lorsqu'on évoque le terme de pirate informatique
seraient les hacks de compte msn, ordinateurs lâchement trojantés avec des exploits déjà tous faits
et encore peut-on classifier en tant que hack le fait de spammer
alors que depuis plus de 15 ans des scripts tous faits le font extrêmement bien?

Ce ne sont pas des hackers qui font ça!!!
Nous appelons ces gens des lammers! Quand ils sont mauvais,
ou des black hat lorsqu'ils sont doués dans la mise en application de leurs méfaits.
Aucun amour propre - Aucune dignité
Agissent par dégout, vengeance ou simple plaisir.
Les raisons peuvent être nombreuses et je ne prétends pas devoir juger qui que ce soit.
Je pense juste que l'on ne doit pas utiliser l'épée de fly pour commettre des injustices.
Il est 100 fois plus profitable d'améliorer un système que de marcher sur un château de sable... même si marcher sur un château de sable est rigolo :P
A vous de trouver votre amusement. ;)

Tu peux réagir sur la shootbox

Disclaimer Veuillez lire obligatoirement les règles ci-dessous avant de consulter ce site.
Conformément aux dispositions des différentes lois en vigueur, intrusions et maintenances frauduleuses sur un site, vol et / ou falsification de données.
Vous ne devez en aucun cas mettre en application les stratagèmes mis en place par ce site, qui sont présentés uniquement à titre d’éducation et de recherche dans le domaine de la protection de données.
Vous ne devez en aucun cas utiliser ce que vous aurez découvert, sauf si vous avez une autorisation écrite de l’administrateur d’un site ou que celui-ci vous ai ouvert un compte uniquement pour la recherche de failles.
Tout cela est interdit et illégal ne faites pas n'importe quoi.
Vous acceptez donc que l'administrateur de ce site n'est en aucun cas responsable d'aucun de vos actes. Sinon quittez ce site.
Vous êtes soumis à ce disclaimer.