Hacking Platform


HackBBS.org is a community that develops and maintains a system of vulnerable services.

We learn, collaboratively, how to use techniques that subvert information systems.
This learning lets us improve the technologies we use and/or better understand social engineering.

We stand for the values of mutual aid and personal challenge, and contribute modestly to making the end-user experience as pleasant as possible.

You can meet us in our IRC channel.
The forum is being replaced by a more modern version, one just as fallible as the old one ^^.
To date we have recorded several dozen successful hacks against our site, and that number keeps changing. Thanks to all contributors!

The redesign is in alpha. This new platform lets you pentest remotely without having your own equipment at hand.
By running Python scripts connected over WebSocket to the web UI, we can drive the loading of attack/defense scenarios in "multiplayer" mode ^^.
The system can load scripts from shared libraries and encrypt exchanges depending on the modules deployed.
In the articles section you will find many tutorials to help you better understand computer security, as well as various more advanced articles.
Hacker
  • Sniffing
  • Cracking
  • Buffer overflow
  • Exploit creation
  • Social engineering
  • Anonymity on the web, spoofing
  • Bypass-proxy, Bypass-firewall
  • Code injection: SSI, SQL, etc.
  • Using exploits, writing scripts (PHP, IRC, Perl)

We recommend sniffing your network while browsing the site. The redesign will provide you with tooling to carry out your attacks/defenses.

Challenges
You can also take part in many challenges, which are renewed constantly (where possible :p)
Lately, the missions relating to the latest open-source products have been going well :)

Your ultimate challenge will be to deface HackBBS. Many vulnerabilities are present. It is up to you to find and exploit them.

This final test will show how you react when faced with a vulnerability.
Black or White? ^^

Current ezine: p54-01.txt
---[  Phrack Magazine   Volume 8, Issue 54 Dec 25th, 1998, article 01 of 12


-------------------------[  P H R A C K     5 4     I N D E X


--------[  Living in SYN

Things that we want for Christmas:  Functional remote operating system
detection.  Functional remote promiscuous mode detection.  Functional agent
based intrusion detection.

A note about this issue.  Loyal and perceptive readers will notice this issue
is a bit smaller.  There are two reasons for this.  The first is swift
delivery.  We are attempting to make Phrack issues a bit more svelte in
order to pump them out on a more timely basis.  The other reason is quality.
There is enough garbage out there.  We turn down at least half of all
submissions to bring you the good stuff.  Enjoy.

Rewind to August 1998.

It's Sunday morning in Las Vegas, about 5:00am-ish.  Angstrom and I decide
to leave the Hard Rock Hotel.  It's been a long night of drinking and
gambling.  I am up maybe $200.  He's up about $30.  We're both inebriated
beyond repair.  We return to Jackie Gaughan's Plaza Hotel and Casino, a
wretched place where the old go to get older and everyone's got at least one
foot in the grave.  Back to the Future II?  Biff's Pleasure Palace?  Welcome
to the Plaza Hotel.

Anyhow, we saunter on in, make our way over to the lounge and find Artimage, 
Asriel, Glyph, and Alhambra.*   After some random dialogue (the specifics of
which I have completely forgotten) Asriel tells me I should play some more 
Blackjack.

    "I only have hundreds." was my reply.  I didn't want to play anymore
    anyhow.  This was the 6th day of my Vegas stint and I was burnt on
    gambling.

    " Bet a hundred then." says As.

    "  Ok."  I caved.

I plop down on an unoccupied blackjack table and plunk my hundred down.  The
dealer was a gentle looking 200 year old man from Laos.

    "MONEY PLAYZ!" I say.  I remember being very drunk.

    "Money plays?" He questions?  The pit boss wakes up.

    "Money plays." I confirm

    "Money plays!" He announces to the pit boss.  The pit boss scribbles in his
    book.

Here's where the details get fuzzy.  I can't remember the hand I was dealt, nor
any subsequent cards.  All I know is I played textbook blackjack.  That's all
you need to know here.  I played according to the `book`.  I lost that hundred.
At that point, my blackjack betting system kicked in.  I lay down 2 more
bills.

    "Money playz." I repeat.

    "Money plays!" He announces to the pit boss.  The pit boss scribbles
    something else in his little book.

My system is simple and almost foolproof.  Bet small when you are just fucking
around.  Bet big when you want to win big.  Lose a big hand?  Double your bet.
Lose again?  Double it again.  Lose again?  Goto 1.  The odds in blackjack
tend to hover around .05% house favor (this can vary widely depending on
several factors including the type of blackjack, the number of decks, the
skill of the player, whether or not the player counts cards, the card counting
scheme used, etc**).  Eventually, odds are, you will win all your money back,
AND THEN SOME!***  Of course, this relies on both your bankroll and the table
maximum being unlimited.  Small details I usually overlook.

So I lose the 2 hundred.

THE SYSTEM IS STILL IN FULL EFFECT.  I plunk down another 4 small.

    "Money plays?" The dealer musses?  I nod.

    "Money plays." The pit boss scribbles.

I lose another hand.  Bye-bye 4 hundred.

Asriel is laughing at this point.

    "Dude, I think you should quit now."  He offers.
    "Nah.  I'm not done yet."

Hrm.  Time to gather my thoughts.  No more namby-pamby.  Time to separate
the armchair gamblers from the hard-core haggard idiot types who end up having
to live in Vegas.  I peel off 10 hundreds.  1 large is placed in that little
betting circle thingy.

    "Money plays." The pit boss scribbles, Onlookers gawk, I pray.

Now this hand I remember distinctly.  First card: an 8.  Hrm.  Second card: a
6.  Ugh.  Dealer shows an 8.  FUCK.  Oh.  Good.  Well, that's $1700 well spent
in about 2 minutes.  Well.  I had to hit.  I get a 6.  Wow.  WOW!  Dealer
flips his hold card.  A 10.

    "HAHAHAHHAHAHAHAHAHA" I proclaim.

    "10 blacks out" The dealer shouts.  The pit boss stops writing.

    "Want to be rated?"  He asks.

    "Nope!  Bye!"  And off I went to cash out.


* http://www.infonexus.com/~daemon9/PIX/Misc/defcon6/r00tdinner%2b/latenite3.jpg
** Actually, playing basic strategy alone can sometimes give you a pretty
close to even odds (or even better than even).  Usually, however, you will
find that you will need to count cards in addition to basic strategy to have a
real advantage.
*** Assoc. Editor's note:  If you take this advice, chances are you'll be
a very upset and angry gambler come next Defcon.  Whine to route when you
can't afford a hotel room, not me.  Maybe he'll let you sleep on his floor.

A special shout-out to Ron Rivest.  It has worked its way down the grapevine
that he reads Phrack.  Add one more to the Super Elite People That REad Phrack
(SEPTREP) list.  If you are or know one of these people, please send email to
the editor to be added to the list (See linenoise for the list).

A word of caution about P54-06 and P54-10:  If you attempt to apply the kernel
patches for these articles in succession on the same system, the second one
will fail at the syscalls.master file.  You will need to patch this by hand.
It's not hard.  Go ahead and try it.  I trust you.

Enjoy the magazine.  It is by and for the hacking community.  Period.


-- Editor in Chief ----------------[  route
-- Associate Editor ---------------[  alhambra
-- Phrack World News --------------[  disorder
-- Phrack Publicity ---------------[  dangergirl
-- Phrack Webpage Guy -------------[  X
-- Phrack Typographical fixer -----[  silitek
-- Phrack Special Consultant ------[  redragon
-- Mad Cow disease ----------------[  sir dystic and dildog
-------- Elite -------------------->  daveg
-- Official Phrack/r00t auto ------[  BMW M3
-- Your trusted security advisors -[  p and sw_r
-- Shout Outs and Thank Yous ------[  kamee, vision, artimage, chris, meenk,
-----------------------------------|  the former SNI team, n8, phundie, par,
-----------------------------------|  radium, k0re, horizon, dhg, mds, mudge,
-----------------------------------|  bioh, pm (for the elite dox)


Phrack Magazine V. 8, #54, Dec 25th, 1998.  ISSN 1068-1035
Contents Copyright (c) 1998 Phrack Magazine. All Rights Reserved.  Nothing
may be reproduced in whole or in part without written permission from the
editor in chief.  Phrack Magazine is made available quarterly to the public,
free of charge.  Go nuts people.

Contact Phrack Magazine
-----------------------
Submissions:        phrackedit@phrack.com
Commentary:         loopback@phrack.com
Editor in Chief:    route@phrack.com
Associate Editor:   alhambra@phrack.com
Publicist:          dangergrl@phrack.com
Phrack World News:  disorder@phrack.com

Submissions to the above email address may be encrypted with the following key:

As always, ENCRYPTED SUBSCRIPTION REQUESTS WILL BE IGNORED.  Phrack goes out
plaintext.  You certainly can subscribe in plaintext.

phrack:~# head -20 /usr/include/std-disclaimer.h
/*
 *  All information in Phrack Magazine is, to the best of the ability of the
 *  editors and contributors, truthful and accurate.  When possible, all facts
 *  are checked, all code is compiled.  However, we are not omniscient (hell,
 *  we don't even get paid).  It is entirely possible something contained
 *  within this publication is incorrect in some way.  If this is the case,
 *  please drop us some email so that we can correct it in a future issue.
 *
 *
 *  Also, keep in mind that Phrack Magazine accepts no responsibility for the
 *  entirely stupid (or illegal) things people may do with the information
 *  contained herein.  Phrack is a compendium of knowledge, wisdom, wit, and
 *  sass.  We neither advocate, condone nor participate in any sort of illicit
 *  behavior.  But we will sit back and watch.
 *
 *
 *  Lastly, it bears mentioning that the opinions that may be expressed in the
 *  articles of Phrack Magazine are intellectual property of their authors.
 *  These opinions do not necessarily represent those of the Phrack Staff.
 */

-------------------------[  T A B L E   O F   C O N T E N T S

 1 Introduction                                            Phrack Staff   22K
 2 Phrack Loopback                                         Phrack Staff   58K
 3 Phrack Line Noise                                       various        90K
 4 Phrack Prophile on the parmaster                        Phrack Staff   26K
 5 Linux and Random Source Bleaching                       phunda mental 174K
 6 Hardening OpenBSD for Multiuser Environments            route          90K
 7 Scavenging Connections On Dynamic-IP Networks           Seth McGann    34K
 8 NT Web Technology Vulnerabilities                       rfp            40K
 9 Remote OS detection via TCP/IP Stack Fingerprinting     Fyodor         58K
10 Defeating Sniffers and Intrusion Detection Systems      horizon       100K
11 Phrack World News                                       Disorder      240K
12 extract.c                                               Phrack Staff   32K

                                                                         966K

-----------------------------------------------------------------------------

    "...a bellvue in the mental hospital world of media whore web pages..."
        - xanax on #phrack, 10-13-1998, when asked to comment on Antionline.

    "This is not a tool we should take seriously, or our customers should take
    seriously..."
        - Edmund Muth, Microsoft, as reported by the New York Times,
          referring to Back Orifice.  (How many thousands of machines were
          owned with BO?)

    *deraadt* your style is so unlike anyone elses, that is makes no sense that
    you have this "style"
        - Theo Deraadt, OpenBSD project leader, referring to route's code in
          this issue.

    "So I thought of something useful I could do with the money. I bought
     a Nintendo 64 for one of my sisters, who has a slight mental retardation. 
     The reason for this was because the doctors have always told us that
     things to stimulate her hand eye coordination would help her."
        - Chameloen of the `masters of downloading` "hacking group",
          commenting on why he didn't spend money on medical care for his
          sister.

-----------------------------------------------------------------------------

----[  EOF




Manifesto
The purpose of this site is to better understand computer security.
A hacker is, by definition, a person who seeks to improve information systems with the sole aim of contributing to the stability of those systems!
Popular belief has it that hackers are pirates.
That is true. But there are different kinds of pirate.
Just as there are different kinds of people.
The common abuses that come to mind when the term "computer pirate" is mentioned
would be hacked MSN accounts and computers cravenly trojaned with ready-made exploits;
and can spamming even be classed as a hack
when ready-made scripts have been doing it extremely well for more than 15 years?

Those are not hackers doing that!!!
We call these people lamers when they are bad at it,
or black hats when they are skilled at carrying out their misdeeds.
No self-respect - No dignity
They act out of disgust, revenge or simple pleasure.
The reasons can be many, and I do not claim to have to judge anyone.
I just think that one must not use Fly's sword to commit injustices.
It is 100 times more rewarding to improve a system than to stomp on a sandcastle... even if stomping on a sandcastle is fun :P
It is up to you to find your fun. ;)

You can react on the shootbox


Disclaimer: You must read the rules below before browsing this site.
In accordance with the provisions of the various laws in force: fraudulent intrusion into and continued presence on a site, theft and/or falsification of data.
You must under no circumstances put into practice the techniques set out on this site, which are presented solely for education and research in the field of data protection.
You must under no circumstances use what you have discovered, unless you have written authorization from a site's administrator or the administrator has opened an account for you solely for vulnerability research.
All of this is prohibited and illegal; do not do anything reckless.
You therefore accept that the administrator of this site is in no way responsible for any of your actions. Otherwise, leave this site.
You are subject to this disclaimer.
AND AS SUCH, NEITHER THE COMMUNITY, NOR THE ADMINISTRATOR, NOR THE HOSTING PROVIDER CAN OR WILL BE HELD RESPONSIBLE FOR YOUR ACTIONS.