Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: hax.tor

from [0x90] Network Security [Permanent Link]
Subject: Re: hax.tor
Date: Tue, 27 Nov 2007 01:31:28 +0100 

Dear Attila,

What do you want to SSH connect to FBI-s homepage? 

I don't want them to "SSH connect". All you do is connect, and not SSH.

If this is a game, why don't you provide yourself the target for
scanning it?

I do provide myself as the target for most challenges, should the level require portscanning, exploiting a PHP, etc. In this case, we are not talking about scanning, we are talking about aquiring a simple banner. The last thing I would want to do is send the player to do illegal activities. The challenges that involve sites other than mine (yes, government / google / yahoo / nasa sites) focus on getting information through legal ways. The FBI challenge is one of these, although it is only the second warmup level, so it is still 'too easy', and doesn't provide you with much information - maybe just a smile to make your day as you advance to the other 40 levels.

* Philippe wrote:

They just want to see if you can do a banner grabbing, theres really nothing to it.
But I do agree that choosing the FBI is a very very VERY bad way to be serious, it is sending
out the Hacker VS the law image and I would go against this.

None of my hosts have SSH open (and for various reasons won't, neither for just a fake banner). I would have felt bad about putting the player to connect to any average server out there. Just think of it. It would have made no point. On the other hand, the FBI might have had some funny reason to open up that port (which I highly doubt is actually SSH, but who cares), so they probably don't mind anyway. And even if they did, they obviously get no less mass SSH scans a day than any other ip pool does. And those scanners go further than just connecting.

To summarize, this is not the "Hacker VS the law" thing (especially with all the warnings: "do not do anything illegal", "do not spam their forum boards", "do not scan their subnet" etc). I am disappointed and sorry if anybody got the opposite idea. To these people I recommend reading the list of challenges to see the big picture.

Regards,
0x90
http://hax.tor.hu/




[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Securing workstations from IT guys, Kurt Buff
Next by Date:  RE: Securing workstations from IT guys, Lim Ming Wei
Previous by Thread:  Re: hax.tor, Michael Argyriou
Next by Thread:  Re: hax.tor, Robert Larsen
Indexes:  [Date] [Thread] [Top] [All Lists]