HackBBS.org est une communauté faisant évoluer un système de services vulnérables.
Nous apprenons à exploiter de manière collaborative des solutions permettant de détourner les systèmes d'informations.
Cet apprentissage nous permet d'améliorer les technologies que nous utilisons et/ou de mieux comprendre l'ingénierie social.
Nous défendons les valeurs de l'entraide, du challenge personnel et contribuons modestement à rendre l'expérience des utilisateurs finaux
la plus agréable possible.
Vous pouvez nous rencontrer via notre salon irc .
Le forum est en cours de remplacement par une version plus moderne, et tout aussi faillible que l'ancien ^^.
A ce jours nous enregistrons plusieurs dizaines de hack réussi contre notre site, et ce chiffre est en constante évolution. Merci a tous les contributeurs!
La refonte est en version alpha. Cette nouvelle plateforme permet de pentester à distance sans avoir son matériel à disposition.
Via l'exécution de scripts python connecté en websocket à l'ihm web, nous pouvons piloter le chargement de scénario
d'attaque/défense en "multijoueur" ^^.
Le système permet de charger des scripts de bibliothèques partagées et de chiffrer les échanges selon les modules déployés.
Vous trouverez dans la rubrique article de nombreux tutoriels afin de mieux comprendre la sécurité informatique, ainsi que différents articles plus poussés.
Sniffing
Cracking
Buffer overflow
Créations d'exploits
Social engineering
L'anonymat sur le web, spoofing
Bypass-proxy, Bypass-firewall
Injection de code SSI, SQL, etc...
Utilisation d'exploits, création de scripts(php, irc, perl)
VIDEO
Nous vous recommandons de sniffer votre réseau lors de votre navigation sur le site. La refonte vous fournira un outillage pour réaliser vos attaques/défenses.
Challenges
Vous pourrez également participer à de nombreux challenges
Dernièrement, les missions relativent aux derniers produits open sources marchent bien :)
Votre ultime challenge sera de défacer HackBBS. De nombreuses failles sont présentes. A vous de les trouver et de les exploiter. Cet ultime test permettra de constater votre réactions face à une faille. Black ou White? ^^
Ezine du moment: banm-1.dms.txt
/=======\ //=\\ /-\ || /-\ /-\
|| | // \\ || \\ || // \\ // \\
|| | _ // \\ _ || \\ || _ // \\ // \\
||--------- |_| //=======\\ |_| || \\ || |_| // \__/ \\
|| | // \\ || \\ || // \\
|| | // \\ || \\ || // \\
\========/ // \\ || \\_/ // \\
B e l l A t l a n t i c N y n e x M o b i l e
o r
B l u n d e r i n g A s s h o l e s w h o d o n ' t k N o w M u c h
/\
/--\
/----\
/--------\
/------------\
/----------------\
/--------------------\
/------------------------\
/----------------------------\
/--------------------------------\
/------------------------------------\
|A Few Bell Atlantic Nynex Mobile Phone|
|---Services Explained & other stuff---|
\-------------by mechanic------------/
\______________part 1____________/
_________
Contents:
^^^^^^^^^
1.) Forward
2.) Brochure information, some stupid and some not
3.) *VM Voice Mail, what it is, and how to use it from your phone
4.) what it is, how to use Locked Mobile
5.) Closing
section: 1
_______
Forward
^^^^^^^
Hello there, I know whis may be known to alot of people as general
information, but what the h/p scene is lacking nowadays is information.
The h/p scene is all about learning and sharing your knowledge. I write about
what I know about, no matter how insignifigant. Becasue the more that is made
availible to the scene, the more people will learn, and maybe be able to use
some day. Because learning is the whole point of hacking. Right? This is
probably on of the most widely argued topics within the scene, but that is my
view. Enough with the chit-chat crap, and onto the file. Oh yea, and please
excuse the lame ascii attempt at the top, it's 2 am, played with the VMS8
enuff for tonight, and am bored as hell. Looked cool at the time, I have been
awake for about 36 hours, strung out on NoDoz, Jolt, Krank20, Soda, and Kona,
soo, heh, okay.
Welp, In this issue I hope to cover most of the options, menu's,
and what to do's, with BANM's phone services offered such as *VM Voice Mail,
TalkDial, and a few cool things that can be found in brochures that are found
at almost any BANM location, such as "programming instructions" and BANM
service numbers. (I enjoy hanging out at my local BANM store, and making free
calls from the display phones there...) oh yea, at almost any BANM store,
they have "Display" phones out on the floor. 90% Of these phones are on and
usable, just either ask a dumb sales clerk if you can make a call on it to
try it out, and/or make the call descretly to defcon (801-855-3326), and tell
them where ya are. ;) If you happen to get kicked out of the store, go down
the street to the next cell phone place, and do the same thing. This makes
for hours of fun.
section: 2
______________________________________________
Brochure information, some stupid and some not
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Welp, while at the store the other day making my usual daily calls to
friends, family, and other memb's of DMS, I was looking through a brochure,
and saw a few things that were interesting. First, on one of the inside covers
I saw a diagram explaining how to program a new number into a phone, including
ESN programming and such, this is a crude form of what it looks like.
PHONE PROGRAMMING INSTRUCTIONS
___________________________________________________________
| | |
| ENTER | PHONE DISPLAYS |
|_________________________________________|_________________|
| | |
| Step 1 While holding down the [FNC] | PHONE# |
| button turn on the phone by | |
| pressing the [PWR] button | |
|_________________________________________|_________________|
| | |
| Step 2 Enter your new cellular phone | |
| number (including area code) | SIDH# |
| Press [SEND] | |
|_________________________________________|_________________|
| | |
| Step 3 Enter 5 digit SID | ESN |
| Press [SEND] | |
| | |
| Press [END] to exit programming| |
|_________________________________________|_________________|
( this is assuming your phone is a Motorola Cell Clone, errr... Phone :)
* the caps letters in between the []'s are buttons.
* what the PHONE DISPLAYs column is for is what the phone is expecting to
be entered by the programmer into the phone.
* a SID is a Carrier .S.ystem .ID.
* These programming instructions are to be followed with a new fone, to
enter the new phone number into the phone, after dialing
1-800-523-7961 ( Bell Atlantic Nynex Mobile Activation Center )
I have not really played with this much, but you may be able to social e
some ESN's and such out of the operators, because we all know that 99.9%
of the operators in this world are dumbas bricks, who follow a given set
of instructions to follow, and what to say, etc.. refer to the older DMS
file I wrote on social engineering techniques.
Some customer service numbers for BANM that I found throughout a few pamphlets
were:
For Eastern Massachusetts
Rhode Island
Rockingham County, NH.....................................1-800-538-4747
For Conneticuit
Western Massachusetts.....................................1-800-852-3630
*some options from the main menu on this C-S line are as follows:
the only interestiong one i thought was "Press one for PIN code
information......"
section: 3
_____________________________________________________________
*VM Voice Mail, what it is, and how to use it from your phone
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
*VM voice mail, from BANM, is just another voice mail service offered
by the "profiteering gluttons". It is BANM's "easy to use" voice mail
service. I looked through it, and uless you have a photographic memory, this
guide will come in handy when playing with this service.
Setting up your voice mail for the first time:
----------------------------------------------
1. Press [CLR]
2. Press [*] [V] [M] (*86) [SEND]
(or dial your cellular number from a touch tone phone)
3. When the recorded announcement begins, interrupt the message by pressing
[#]
4. Enter your tempory password of 1 + the last four digits of your cell fone
number.
(*!* Great security feature eh!? welp, most people, like on systems, tend
to stick with their defualt password, so you can break into / take
over a good amount of *VM mailboxes this way. Defaults anywhere are a
good thing to know first off.)
5. Create your personal 4 to 15 digit password.
(*!* In most cases, if they do change it, it will be something like a home
phone number, the cell phone number, birthdate... etc, GO TRASHING@#$)
6. Record your personal greeting.
Message waiting indicator:
--------------------------
This will notify you of new messages in your mailbox
To turn notification on/off:
1.) Enter the main menu
2.) Press [4] (personal options)
3.) Press [1] (outcall notification)
4.) Press [3] for ON or [4] for OFF
Retrieving Messages:
--------------------
1.) Dial your cellular number, or press [*] [V] [M] [SEND]
(messages can also be retrieved by dialing your cellular number from a
phone / office phone)
2.) Press [#] when you hear the greeting.
3.) Enter your password.
4.) To retrieve messages press [1]
5.) To save a message, press [9]
To erase a message, press [7]
Geeting messages from outside your local calling area (npa):
------------------------------------------------------------
1.) Conneticuit: 203-494-MAIL
Western Massachusetts: 413-448-1600
Vermont: 802-238-MAIL
2.) Press [SEND]
3.) After the promt, dila your 10 digit cellular number
4.) then follow the retriving messages section above
Limits for basic and enhanced voice mail packages:
--------------------------------------------------
Max greeting length...........................30 seconds
Max greeting length for enhanced..............2 minutes
Max message length............................5 minutes
New messages retained on system...............30 days
Saved messages retained on system.............30 days
Max number of messages........................40
Playback controls
- - - - - - - - -
while lstening to a message
---------------------------
[1] rewind message 10 seconds
[1][1] rewind to start of message
[2] pause (press again to resume)
[3] move 10 seconds forward
[3][3] goto the end of the message
[4] slow playback
[5] date and time of message
[6] increase speed of message
[7] erase message
[8] return volume to normal
[9] increase volume
[#] skip to next message
To change your password:
------------------------
1.) enter the main menu
2.) press [4] (personal options)
3.) press [2] (administrative options)
4.) press [1] (password)
5.) press [1] to change or establish your password*
* this meaning that some mail boxes may not even have a password set
I am not sure of the defualts but it is probably something like the
last 4 digits of the number, 0000, or 9999
To change or select your personal greeting:
-------------------------------------------
1.) enter the main menu
2.) press [4] (personal options)
3.) press [3] (greetings)
4.) press [1] to select or change Personal Greeting
5.) press [2] to select or extend absence greeting
6.) press [3] to change your name
Heres is a layout of the system, and the all the menu's
----------------------------------------------------------------------------
caution: this may get confusing as hell, especially if the text is distorted
in any way.
----------------------------------------------------------------------------
the *'s mean that another menu branches off of that option
MAIN MENU:
check messages:
[1][1] unheard messages
[1] listen*
[2] send* (enhanced package only)
[3] check receipt* (enhanced package only)
[4] personal options*
[5] restart
[*] disconnect from Voice Mail System (VMS)
menu: [1] from main menu (listen)
---------------------------------
rewind pause/restart forward
position [1] [2] [3]
slower envelope faster
speed [4] [5] [6]
(nothing) normal louder
volume [7] [8] [9]
||||||
\====/
\/
skip message [#]
-after listening-
[4] replay
[5] envelope
[6] send copy
[7] erase* =======> [*] return to main menu
[8] replay
[9] save
menu: [2] from main menu (send)
-------------------------------
from
main
press [2] ==> record messages ==> end [#] ==> press [1] to replay ==\
/---------------------------------------------------------/
\=> enter destination mailbox (another menu comes up):
-private [1] ==> [#] send ==> enter additional destination
\==> no more destinations (quit) [*]
-urgent [2] ==> [1] confirm receipt
[2] notify of non-receipt
-message confirmation [3]
-future delivery [4] ===> follow prompts to set up scedule
menu: [3] from main menu (check receipt
---------------------------------------
from main press [3] ==> enter mailbox number
menu: [4] from main menu (personal options) ==> (another menu):
[1] notification on/off ==> [1] on | [2] off
[2] administrative options ==> (another menu):
[1] passwords ==> [1] to change or establish password
[2] group dist. lists ==> [1] create; [2] edit; [3] delete;
[4] list names
[3] prompt level ==> [1] standard; [2] extended; [3] rapid
[4] date/time
[3] greetings ==> [1] personal sceduled greeting
[2] extend absecse greeting
[3] name
[4] notification scedule => follow the system prompts to set up
pager scedule
closing note on the *VM Voice Mail system
-----------------------------------------
I hope this will help you through your navigation of the *VM system.
and I also hope that this isn't distorted in any way, best to view this in
dos or a *nix system.
section: 4
----------------------------------------
What it is, and how to use Locked Mobile
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Locked mobile is a service that comes on most phones now, that you
have to enter your personal PIN number to use the phone. This is a breif
guide on how to use the Locked Mobile system on your clone... errr.. phone =]
Also, note that Locked Mobile doesn't restrict incoming calls or emergency
calls to *911. This is a really dumb form of security on phones. Seeing as how
people can call you, you can still ride up the minutes on a phone anyways.
You will just have to have everyone call you on your phone if it is closed,
unless you can figure out the PIN number to the phone. Which is still better
than actually paying for services.
To lock your cellular service:
- press [*] [5] [6] + PIN # + [SEND]
- after the confirmation tone, press [END]
To unlock your cellular service:
- press [*] [5] [6] [0] + PIN + [SEND]
- after the confirmation tone, press [END]
To change your PIN code:
- dial 1-800-852-3630* + [SEND]
*this is a good number to have, seeing if you cannot find
the PIN code, you can social e the PIN number out of the
operator, you just have to know a little information
about the phone you cloned
- Follow the voice prompts
Once you have unlocked your cellular service, it will remain unlocked
until you:
- manually lock your service by dilaing [*] [5] [6] + PIN +
[SEND]
- turn off your phone for a min. of 23 minutes in your home
market (cell site)
- begin roaming or travel to a new roaming market.
section: 5
-------
Closing
^^^^^^^
Welp, that's it for the first part of this series, took me a few
hours to write, so I hope at least some of you like it. This is the first part
of a series that will never end... because there are soo many cellular
services offered by BANM. Oh well... get this and other phine philes phrom:
http://mechanic.base.org | the DMS Homepage.
ttyl
.
Manifest
Le but de ce site est de mieux comprendre la sécurité informatique.
Un hacker par définition est une personne qui cherche à améliorer les systèmes d'information dans le seul et unique but de contribuer à la stabilité de ces systèmes! La croyance populaire laisse entendre que les hackers sont des pirates. C'est vrai. Mais il y a différents types de pirate. Tout comme il y a différents types de personnes. Les bavures courantes auxquelles on pense lorsqu'on évoque le terme de pirate informatique seraient les hacks de compte msn, ordinateurs lâchement trojantés avec des exploits déjà tous faits et encore peut-on classifier en tant que hack le fait de spammer alors que depuis plus de 15 ans des scripts tous faits le font extrêmement bien?
Ce ne sont pas des hackers qui font ça!!! Nous appelons ces gens des lammers ! Quand ils sont mauvais, ou des black hat lorsqu'ils sont doués dans la mise en application de leurs méfaits.
Aucun amour propre - Aucune dignité
Agissent par dégout, vengeance ou simple plaisir.
Les raisons peuvent être nombreuses et je ne prétends pas devoir juger qui que ce soit.
Je pense juste que l'on ne doit pas utiliser l'épée de fly pour commettre des injustices.
Il est 100 fois plus profitable d'améliorer un système que de marcher sur un château de sable... même si marcher sur un château de sable est rigolo :P
A vous de trouver votre amusement. ;)
Tu peux réagir sur la shootbox
Disclaimer
Veuillez lire obligatoirement les règles ci-dessous avant de consulter ce site.
Conformément aux dispositions des différentes lois en vigueur, intrusions et maintenances frauduleuses sur un site, vol et / ou falsification de données.
Vous ne devez en aucun cas mettre en application les stratagèmes mis en place par ce site, qui sont présentés uniquement à titre d’éducation et de recherche dans le domaine de la protection de données.
Vous ne devez en aucun cas utiliser ce que vous aurez découvert, sauf si vous avez une autorisation écrite de l’administrateur d’un site ou que celui-ci vous ai ouvert un compte uniquement pour la recherche de failles.
Tout cela est interdit et illégal ne faites pas n'importe quoi.
Vous acceptez donc que l'administrateur de ce site n'est en aucun cas responsable d'aucun de vos actes. Sinon quittez ce site.
Vous êtes soumis à ce disclaimer.
ET À CE TITRE, NI LA COMMUNAUTÉ, NI L'ADMINISTRATEUR, NI L'HÉBERGEUR, NE POURRONT, NI NE SERONT RESPONSABLE DE VOS ACTES.