Hey, this tutorail was written over 5 months, hope you all enjoy it :p
www.hackerscenter.com
http://lnx.hackerscenter.com/Forums/index.php
www.digitalparadox.org
www.tgs-security.org

This is a good friend of mine before you think hes spamming he is not it took him ages to write this and would be suitable for a good refrence the reason the links are there is because he co-admins HSC and thats where the tut originaly comes from and i all ready see he has been negged the shit out of because he found a minor vuln on tripod sites which lets you take over a site so before you get the negs out remember not every one is a newbie

Good tut, but I never -ever- understood the reasoning behind placing a disclaimer on a tutorial. If you are going to write about any information it is a preassumption that people can/will use it wrongly.

The bits of text people use for disclaimers won't hold up in court (US at least) and from what I remember in the olden days (Cult of the dead cow, apocolpyse of doom) they only served the purpose of helping the tutorial to seem more 'underground'.

Just a side thought :)

pooh: i think he just put it there to cover his own ass because there some touchy subjects in it and thats what we need here and hes constantly finding holes in php portals but there kept priv8 the way it should be ;)

peace

well i dont know about the us but in my country im sure a disclaimer would keep me safe :p as according to the disclaimer if your planning on using any of the information you should not read it.. and thus if anyone reads it and if my ass gets hauled down to court it would not be my responsibility.. i personally dont expect anyone to give a shit about it but just for legal reasons ;)

i think he just put it there to cover his own ass because there some touchy subjects in it and thats what we need here and hes constantly finding holes in php portals but there kept priv8 the way it should be

That's exactally my point. You don't honestly think that a 3 - 4 line psudeo(fake( disclaimer is going to hold up in court if someone wants to charge him for the information that others have used, do you? Either be proud to post information and ideas, or don't be. But let's not continue to give the facade that 'hacking' is completely underground and that the disclosure of information that could be used for bad purposes.

Let's be adults about this. The parent poster isn't showing this information to help solve a problem nor to encourage people to fix the security holes. It is information given out with the intention of others using it for the purposes they see fit. :) You can't argue your way around that one, simply because if his purpose was to take his knowledge and better himself and the net, it would be in the hands of the php portals/and other admins rather than in an rtf h4x0ring document.


and thus if anyone reads it and if my ass gets hauled down to court it would not be my responsibility

If you feel that you have the kind of information that would be so possible as to you include a disclaimer so you won't get 'hauled down to court', then don't you think you may be releasing this information in the wrong manner? Don't get me wrong, I'm all about curiosity and hacking(both in code and security) for the betterment of the net as a whole (information going torwards growth and increasing security), but even as a grey hat I can tell you that your document isn't here to help or serve the net. It's here as a "here is how to fsck someone up. If you actually do what I taught, hahaha STFU F@g, u go to jail."


Then again, I may be going overboard. Anyone else?

/* Nods in agreement with pooh sun tzu */

After all, all the info there in there is out there but he done hiw own thing and wrote that paper which took him a long time thats why i explained in PM why i greened him


VB: I think pooh is in the right here you dont see phrack releasing small disclaimers etc its just free info not reallya big deal though is it ?

pooh: although it could be used for illegal purposes i dont think thats why he released it here hes only young as i explained maybe hes a bit anxious ;)

although it could be used for illegal purposes i dont think thats why he released it here hes only young as i explained maybe hes a bit anxious

Since you are his friend, I will take your word on that :) Don't get me wrong, I'm not against information discovery, system cracking, and so forth (I'm a grey-hat, come on) so long as it benifits the net and improves upon it and thus being handled in a mature manner. Call it old habits. I have a -strong- distaste for script-kiddies/fake blackhats and seeing that disclaiming only brought back an old hatred I had for CotDC

pooh sun tzu i pretty much agree with you on this.. but then its always better to be safe then sorry.. if i dont put a disclaimer i could be held responsible and as you say i could be even if i put it up there.. well i rather put it up there and be a little safer cause it isnt going to kill anyone if i do put it up there..

so ya this extra measure isnt killing anyone, nor is it doing harm and it might just be helpfull so why not do it..

So why the **** did he get negged for the above post ? hes agreeing with pooh ? dam this place is getting more ****ed up every day he came her eout of his own free will because i asked him to post it here and this is how hes treated he has better papers on this and probably another 30 something php holes that havent been released to the public and this is how you people treat some one bleh


<^>(o_0)<8

He wrote a decent tutorial, you people are stupid for negging him for this stuff.... He AGREES with pooh in a post you guys neg him... WTF? Someone needs a swift kick in the ass... This is even stupider than leprican getting negged for saying Low level format a hard drive, when he actully KNEW what he was talking about and some "others" didn't.

just took a quick run throught the tutorial. the information is good and in most cases farily clear. The biggest problem I would have is the way it is presented. It doesnt take much to turn a usefull tutorial into something that is unreadable and vice versa. A good example is the disclaimer
quote:
<-::->Disclaimer<-::->
This tutorial is intended for educational purposes it does contain text and information that can be used for malicious purposes therefore I the author will not be held responsible for any weird and instinctive acts you might do once you have read this tutorial and it will be the sole responsibility of the user of this tutorial. If you do not agree with this please do not read forward and delete this tutorial. I disclaim everything I can by law.
end quote:

IMHO if you are going to put a disclamier it should be at least serious. As presented here it gave me the impression that I was about to read just another copy paste tutorial wrote by a 14 year old script kiddie. Also in my experiance writting this is the software i use and you can find the crack here is a sure fire way to get negged. :)
Having said that I feel the information presented deserves grennies.

who negged him!!!

I negged him. Here is why:

1. Sure, his tutorial is decent. But it is nothing more than memories of old-school crackers that would write tutorials on the latest AIM booters. This wasn't the deciding factor, or the primary reason for me negging him. Simply a major annoyance and side thought of "I didn't realise I accidentally went to the 2600 IRC channel in #h4x0Rz". This is why I didn't neg the parent post, but a post of his later on, because the tutorial (even if presented in a script kiddy manner) was valid and held semi-useful information.

2. Even after we agreed that normal exploit discussion groups (Security focus, bug traq, phrak) do not use disclaimers because of the obvious (people will use information regardless of whether you say it isn't your fault), he went on with it still about how it would 'protect him'. If information is going to get you into trouble by posting it somewhere, then obviously it's being posted to the wrong place. I don't think his tutorial would get anyone in trouble, as it's common knowledge, and thus there is no need for a 'make it feel more illegal and more underground' disclaimer. This, too, was not the primary reason, but yet again another annoyance.

3. His past posts have been nothing but "oh looki what I can hack, and how!". This was my final straw with him. If you find exploits or security holes, that's great. Don't be an ass and post them for other people to use just for your moment of fame. Inform the company about the exploitation and handle it that way. This minimizes damages to the company, minimizes the chance of the company coming after you, and actually earns a lowly cracker some respect from people who have moved beyond the 'underground' phase. This was the primary reason, and the final straw in which 1 and 2 were the stepping stones.

As presented here it gave me the impression that I was about to read just another copy paste tutorial wrote by a 14 year old script kiddie.

Bingo.

There are hackers, and there are crackers. There are people who explore the net for curiosity, and people who crack the net for fame. There are people who code and contribute to the community, and there are those who don't have the faintest idea how to give back to the community that taught them. And no, I'm not a white-hat. But I can smell the difference between someone cracking for fame and 'recognition' versus helping to improve the community.

I had a quick read of the tutorial and its obvious that vbfavre69 has put a great deal of effort into it, ok so the disclaimer is pretty crappy...he probably didnt take legal advice on it? does anyone else when they write this stuff? I bet very very few do....Any decent legal team will probably rip any disclaimer that an unqualifed person straight apart...

Heres what I think is the problem with tutorials and AO, this my be it somewhat controvesal, but there my opinions. Newbies come along and most newbies are inundated with negs, maybe they shouldnt be negged for there first x number of posts, say 5? this would give them a chance to see what AO is about. Maybe this would leave AO with more technical people that are often scared off out right because there negged and flamed, instead of the people that come and ask dull and un exciting questions like "how do i get MSN working from behind a firewall?" or "whats the best firewall/ AV?"

I think negging on tutorials that arent plagerised and contain relativly correct content is wrong..people put a lot of effort in for no reward, just because they want to contribute to the community, negging people only annoys people and leads to negative attitudes.

Ive only been here a relativly short time, so can't really comment on the total effectivness of the AP system, but they do seem to sometimes punish genuine users, that are here for good reasons.

who no's......

i2c

The problem lies not with the AP system, it's the fact that if pooh or any other senior with 11 dots negs someone, the person gets hit HARD. It take a LOT of good posts to recover from being negged by one of them. When mem let his account go, the dude who had it negged me and it was 43 points... that is a lot, considering that is almost half of a green dot. If seniors could choose how much they hit, things would be a lot better. Then rather than negging vbfavre with 30 points or w/e pooh ended up hitting with, pooh could hit him with 5 or 10 or 15 and not do as much damage, but still get his point through. I think right now that the seniors are almost too powerful. If two of them get together on a person, they can easily kill him in 2 or 3 posts.

Remember the guidelines of the AP system.

Go back and reread the official rules on this -- you don't neg someone for disagreeing with them, with the exception being only if you STRONGLY disagree with them. That much is somewhat subjective. Pooh, it sounds like perhaps you were a little loose with the negging, unless you disagreed with him that severely? If so, then we really don't have any grounds to argue your assignment.

In any case, I checked out this thread because of it's "extremely positive" designation (meaning something really worth reading is likely here). So, that being the case, there should be enough greens by now to balance things out?

Hey Hey,

Who has actually read this? While it has a few good points it is mostly a load of crap that belongs with the text files of the early 90s. The disclaimer has already been discussed I will ignore it and concentrate on some of the other points listed.

1. Use Proxies to Remain Anonymous.

- This has been argued many times on AO and there are many people that disagree with that point.

2. Pointing people towards software and a crack for it.

- Would a decent tutorial really tell you to pirate software?

3. Claiming you find a vulnerable service with a port scanner?

- Maybe a vuln scanner, but not a port scanner. It's rather easy for me to change the banner on almost any service to confuse you.

4. Talk of hacking and downloading exploits?

- Telling people to go download an exploit and use it to 'hack' a website definately isn't legit.

5. Create a fake hotmail page to send people to or use a key logger to gather their passwords?

- I don't know what to say about this... Except it's ridiculous.

6. Won't explain SSH cuz it's simpler than Telnet

- How is it simpler? In it's use? You accept a key and then there's no difference. In it's underlying operation? because then you've got encryption going on and it's definately not simpler telnet

7. Hacking Tutorial requires a password cracker

- When should you ever require a password cracker against someone elses website?

8. nmap is simple and clear

- There have been tutorials written on nmap because of the number of options and flags it has. How does this make it simple and clear if it requires a tutorial to explain it all.

9. Proxies make it harder to track online activity.

- This relates to number 1, but also.. why should anyone want to track your online activities unless you're breaking the law. This reminds me of old hacker movies where they use proxies and it looks like a phone trace through all these points.

10. Speaking of Using Wingates.

- This is definately early 90s.... how many people even know what wingates are these days?

11. Talk of IRC and spoofing.

- The spoofing ends up being vhosts... I'm pretty sure that's not spoofing.. in fact I know that's not spoofing...

12. Headers Reveal both IE 6 and Mozilla 4.0

- Not quite... It's using IE.... which should have been obvious since it was on his screen at the time.

13. Claims there's a lame way and an elite way to do DDoS attacks.

- Elite is used??? and there's an elite DDoS attack? Man am I behind the times... or else we've time warped back 10 years.

14. NetBIOS Hacking?

- This is like straight out of the old 90s texts....

15. Having fun with the Messenger service.

- You wanna talk about lame and skiddish ways? This one takes the cake... He just keeps loosing more and more credibility.

16. Hacking sendmail?

- I didn't know that connecting and modifying the sender was considered hacking this days instead of 'spoofing' the address.... something I could do in outlook by typing a different address if I wanted to..

I'm skimmed most of the code parts because I'm assuming they're a little more acurate but all in all... this was a pretty shitty tutorial. It read like some skiddies claim to fame trying to copy the texts that many of us read as little kids 10-15 years ago.

Peace,
HT

^^ I'd say that's a prime example of strongly disagreeing. :D

I just downloaded the zip myself and am about to give it a good read...

Originally posted here (http://www.AntiOnline.com/showthread.php?threadid=260211#post773872) by The Grunt
The problem lies not with the AP system, it's the fact that if pooh or any other senior with 11 dots negs someone, the person gets hit HARD. It take a LOT of good posts to recover from being negged by one of them. When mem let his account go, the dude who had it negged me and it was 43 points... that is a lot, considering that is almost half of a green dot. If seniors could choose how much they hit, things would be a lot better. Then rather than negging vbfavre with 30 points or w/e pooh ended up hitting with, pooh could hit him with 5 or 10 or 15 and not do as much damage, but still get his point through. I think right now that the seniors are almost too powerful. If two of them get together on a person, they can easily kill him in 2 or 3 posts.

Not really. It takes like -150 APs before you get banned. A senior member with 11 green dots dishes out appx 15 negative points if they hit someone in a security thread. (This is assuming the member has barely earned the last "dot"). If it's in another forum, it's significantly less. Considering that there's almost always a battle over trolls (no matter how stupid) - it would take quite a few significantly powerful senior members to ban the person as there are other seniors that almost always green n00bs that are about to get banned. Even if we were to assume that nobody helps the person out...it would take several of the *most* powerful members on the site to ban the person with APs. It works out to create a decent balance and someone still has to screw up pretty badly to get banned.

ok personally i donot give a shit HOW YOU LIKE MY DISCLAIMER.. its a fricking shit i just threw in to be safe.... why do youll people fuss about such useless shit.. if this kind of argument goes on this forum will be no more than kiddie grounds like zone-h where people get flamed for the stupidest reasons.

second this tutorial was meant to help people out if you like it use it if you dont well then sue me.. and go right a better one your self.. thats all i have to say on this plain and simple.. this tutorial was released months ago and was well appreciated by lot of communities i finally decided to post it here so read it if youll like but stop fussing over shit like how my diclaimer was written
and by the way someone mentioned something about the disclaimer being written by a 15 year old.. well thatd be pretty accurate considering im 16.. well 17 now but at the time of this tutorial 16...

by the way i love this forum..
i post 5 months of work and i get negged and flamed cause the disclaimer isnt upto all of your standards.. BAH

p.s those who think im nuts im sure you can understand why i am a bit pissed off

Don't take anyone's opinions here personally. This section of AO is always critiqued very vigorously, and it's pretty typical for each tutorial submitted to be picked apart to the point of hair-splitting. Just keep posting whatever you have to contribute and don't worry about it.

I was going to stay out of this...... But you know me..... :rolleyes:

I have followed this thread and read the tutorial.

Firstly, the disclaimer.... Get over it kids.... You see them everywhere and depending upon the quality and jurisdiction they are either worthless or valid. I don't even bother reading them in the first place. It's really easy to skip over them.

Secondly, the tutorial. Clearly a lot of time and effort went into it. It is certainly a nice little reference for many subjects. Furthermore, since it was written by a 16 year old, (you're 17 now I know), I think it deserves yet more accolade. It was concise, it was clear, it contained sufficient information on each topic to be of some use, it stated that there was plenty more to each subject and it is only part 1 of a series. VB, you did a darned fine job.

Lastly..... VB, I can't feel right giving you pos AP's for it but I won't give you negs either because they aren't appropriate. Why not? I find much of the criticism of the content, (never mind the disclaimer), to be somewhat valid. Much of it is dated. But that's ok too because many of the things you mention are viable attacks on an improperly configured server. What did get up my nose was your personal statement/attitudes that slipped in there. I really don't give a rats ass whether you think defacing web pages is ok or not. Your subsequent attempt at ethics, (don't go on a delete spree), was lame to say the least. In any case you just placed yourself in the category of common criminal. You managed to "leak" in other pieces of personal philosophy/ethics, (or lack of), in other places. When you write a tutorial to be placed out there for the consumption of professionals then the tutorial should be done in a professional manner and judgements like the ones you put in this tutorial had no place there.

That having been said.... Well done on a well thought out and produced tutorial. I look forward to reading the other parts assuming you take the time to edit out the judgements...... ;)

To add to Tiger's comment, which I think is right on the money, you have to keep in mind that you are being reviewed by industry professionals, so that's why the critiquing is so vigorous. You're looking at it from a 16/17-year-old's point of view as a student, whereas we're looking at it from the point of view of "What could this mean for my business?"

So that's why I say take it all in stride. Indeed, it does look like you put a considerable amount of effort into it.

I haven't read it yet, but my little advice before I read it :

Don't post something in a public place if you cannot take the criticism that follows it.

Ok off to read the tutorial now.

ive read half of the tut and LIKed IT. Not enough to a greenie, but it doesnt deserve negative AP.
Some guys are stickied on disclaimer (1/100 of document?) and arent reading the document.
Ok, its not the best of bread, but c'mon: you have greenie shit tutorial here because it was wrote by a Senior member.

If you want that he accepts criticism, please accept this.
IMHO: neutral. But negative ap? never.

vbfavre69, pridikal - Welcome to AntiOnline. No matter what you post. No matter how good the content. They'll find some reason to use there faggot-ass antipoints. Way to go jerks. You WILL run AO into the ground doing shit like this. And once you do, I'm getting drunk and celebrating.