Jump to content

Talk:HackThisSite/rev1: Difference between revisions

Page contents not supported in other languages.
From Wikipedia, the free encyclopedia
Content deleted Content added
Replaced page with ' HTS is a waste of time....remember it'
Ejfox (talk | contribs)
rv vandalism
Line 1: Line 1:
<!--{| class="messagebox standard-talk" style="text-align:center;"
|-
| width="50px" | [[Image:Evolution-tasks.png|50px|Articles for deletion]]
|| This article is an ongoing revision of the [[HackThisSite]] article and is subject to change. '''It has not been completed.''' Please edit or [{{fullurl:{{FULLPAGENAME}}|action=edit}} expand] according to discussion on this [[Talk:HackThisSite|talk page]].
|} -->


{{isrev|HackThisSite|article|according to discussion on|[[Talk:HackThisSite|talk page]]|Please}}


{{Infobox computer underground
HTS is a waste of time....remember it
| group_name = HackThisSite.Org
| image = HackThisSite.org.png
| caption = The HTS Website
| origin = [[Chicago, Illinois|Chicago]], [[Illinois]]
| country = [[United States]]<br />[[International]]
| status = active
| years_active = 2003&ndash;present
| category = [[hacker|Hacking]]/[[mass media|media]]
| founders = [[Jeremy Hammond|xec96]]<br />The_Anarchist<br />spiffo<br />C (big)
| products = HackThisZine e-zine
| affiliates = [http://www.hackbloc.org Hackbloc]<br />[http://www.hacktivist.net Hacktivist.Net]
| website = [http://www.hackthissite.org/ Main Site]
| }}

<b>''HackThisSite.org''</b>, commonly referred to as HTS, is a popular online hacking and security website. The organization is currently the largest online [[hacker community|hacking community]] in the world with a userbase of well over 100,000.<ref>{{cite web | title=HackThisSite! Rankings (Log-in Required) | publisher=HackThisSite.org | url=http://www.hackthissite.org/pages/user/rankings/index.php?start=124870 | accessdate=2006-11-27 }}</ref> It aims to provide users and teams with a way to learn and practice basic and advanced "hacking" skills through a series of challenges, in a safe and legal environment. Per its size, many HTS users have began there own HTS-based local hacker group.

HackThisSite involves a small, loose team of a developers and moderators who maintain its network of websites, IRC server, and related projects. It produces an [[e-zine]] which it releases at various [[hacker con|hacker conventions]] and through its [http://www.hackbloc.org/zine hackbloc] portal. Hardcopies of the zine are published by [http://www.microcosmpublishing.com/ Microcosm] and [http://www.quimbys.com/ Quimbys]. It also has a blog/short news source run by [[software developer|devs]].

==History==
{{cleanup-remainder|November 27 2006}}
Hisory of HackThisSite per discussion
<!-- Founded in 2003 it was originally known as [hulla-balloo.com/anarchy/?page=domain Hulla-Balloo] but was renamed following a move to a server provided by co-founder C (big) -->
==Articles and Text==
HTS members contribute original texts to the articles area of the site. This area is broken down into different sections on a range of topics. Some of these sections include Ethics, Tutorials, and Politics. Most of these were aimed to provide newcomers with the basic skills to navigate the community.
HackThisSite had one of the largest collection of texts on various hacking and related subjects. These texts were almost entirely user-submitted and were linked directly to HTS user accounts. Following the major revision to HTSv3, the inability to accurately attribute author to article resulted in the loss of this archive, a move from which its Article section has yet to recover.

==Mission Challenges==
''HackThisSite'' is also host to a series of "missions" aimed at simulating real world hacks. These range from ten basic missions where one attempts to exploit relatively simple [[html]] errors, to hardcore [[encryption]] and [[application]] cracking missions. The missions works on a system of points where users are awarded scores based on their completion of missions.
===Basic Web Challenges=== <!-- expanded challenges -->
Consisting of basic web exploits - gaining access to a page
===Realistic Missions===
Consisting of more difficult exploits - strategic use of exploits to gain access or accomplish specific tasks
===Encryption Challenges===
Elite mission: Consisting of being among the first to decode strings of encrypted text before a deadline
===Programming Challenges===
Elite mission: Consisting of being among the first to [[computer programming|code]] a program for a specified function before a deadline
===Permanent Programming Challenges===
Consisiting of the demonstration of on-demand coding abilities to code tasks as needed
===Application Challenges===
Consisting of cracking/bypassing safety-measures in applications without or by retreiving embedded access keys
===Root This Box===
''HackThisSite'' also ran a series of live hacking challenges called [http://www.rootthisbox.org RootThisBox.org] where people configured their systems to be used as target [[server|boxes]]. Players then attempted to gain access to these boxes and defend from other hackers, similar to past 'king of the hill' styled hacking competitions. The project is still in its developmental stage.

==IRC and Forums==
''HackThisSite'' is known for its [[IRC]] network where many of its users congregate. Within this network, users converse on a plethora of topics ranging from current-day politics to technical issues with programming and [[Unix]]-based operating systems. However, mostly, the ''HackThisSite'' IRC network serves as a social gathering of like-minded people to discuss just about anything. Although there are many channels on the IRC network, the main channel #hackthissite has a +z flag which requires users to be connecting using SSL. This requirement is for several reasons, including encouraging people how and why to learn to use SSL encrypted communications, as well as being an unofficial 'idiot challenge'. Other official channels include #help and #tech (for techinical discussions only), along with #criticalsecurity for forums members (though anyone can be there), and hackbloc also has their IRC channel there (at #hackbloc)

''HackThisSite'' also has two sets of forums, the main one being at [http://www.criticalsecurity.net CriticalSecurity.net] and the [http://www.hackbloc.org/forums/ Hackbloc Forums]. The ''CriticalSecurity.net'' forums has most HTS discussion, specifically related to help with the challenges on the site as well as basic hacking questions. The ''Hackbloc'' forums are more for focused hacktivist discussion as well as a place for people to discuss news and plan future projects. Many people criticize the forums as being too 'newbish' compared to IRC, most likely because many new users visit the forums to ask for help with the challenges.





==Controversy==
There has been criticism that HackThisSite's self-description as a "hacker training ground" encourages people to break the law. Many people related to the site state that although some of the skills taught ''can'' be used for illegal activities, HTS does not participate in or support such activities. Despite this, several individual members have been arrested and convicted for illegal activity (most notably Jeremy Hammond, founder of HackThisSite). However there is little evidence to suggest that HackThisSite was related.
===phpBB/HowDark incident===
In November of 2004 the [defunct] HTS-based ''HowDark'' Security Group, co-founded by former staff-member, Jessica Soules, notified the phpBB Group, makers of the popular phpBB bulleting software, of a serious vulnerability<ref>{{cite web|title=SQL Injection in phpBT (bug.php) add project|publisher=Security Focus (bugtraq archive)|url=http://www.securityfocus.com/archive/1/381029|accessdate=2006-11-28}}</ref><ref>{{cite web|title=phpBB Code EXEC (v2.0.10)|publisher=Security Focus (bugtraq archive)|url=http://www.securityfocus.com/archive/1/380993|accessdate=2006-11-28}}</ref><ref>{{cite web|title=SQL Injection in phpBT (bug.php)|publisher=Security Focus (bugtraq archive)|url=http://www.securityfocus.com/archive/1/380984|accessdate=2006-11-28}}</ref> in the product. The vulnerability was kept under wraps while it was brought to the attention of the phpBB admins, who after reviewing, proceeded to downplay its risks.<ref>{{cite web|title=howdark.com "exploits"|publisher=phpBB Group|url=http://www.phpbb.com/phpBB/viewtopic.php?p=1316231|accessdate=2006-11-28}}</ref>
Unhappy with the Groups' failure to take action, ''HowDark'' then published the bug on the [[bugtraq]] mailing-list. Malicious users found and exploited the vulnerability which led to the takedown of several phpBB-based bulletin boards and websites. Only then did the admins take [http://www.securityfocus.com/archive/1/381510 notice] and release a [http://www.phpbb.com/phpBB/viewtopic.php?t=240513 fix].<ref>{{cite web|title=howdark.com exploits - follow up|publisher=phpBB Group|url=http://www.phpbb.com/phpBB/viewtopic.php?t=240513|accessdate=2006-11-28}}</ref><ref>{{cite web|title=phpBB 2.0.11 released - Critical update|publisher=phpBB Group|url=http://www.phpbb.com/phpBB/viewtopic.php?t=240636|accessdate=2006-11-28}}</ref> Slowness to patch the vulnerability by end-users led to an implementation of the [http://www.securiteam.com/unixfocus/6J00O15BPS.html exploit] in the [[Santy|Perl/Santy]] worm (read [http://isc.sans.org/diary.php?date=2004-12-21 full article]) which defaced upwards of 40,000 websites and bulletin boards within a few hours of its release.

Following the negative fallout and controversy over her handling of the case, Jessica [[resign|resigned]] from the hacking and "security scene".<ref>{{cite web|title=Jessica (HowDark.com) quits the security scene|publisher=HackThisSite.org|url=http://www.hackthissite.org/news/view/107|accessdate=2006-11-29}}</ref>

===Protest Warrior Incident===
In early 2006 [[Jeremy Hammond]] of HackThisSite was arrested following an FBI investigation into an alleged hacking of political Conservative activist group [[Protest Warrior]]. The federal government claimed that a select group of HTS hackers gained access to the [http://www.protestwarrior.com ProtestWarrior] user database, and procuring user credit-card information, conspired to run scripts that would automatically wire money to a slew of non-profit organizations. The plot was uncovered when a hacker said to have been disgruntled with the progress of the activities turned informant. [http://72.14.209.104/search?q=cache:7ZjyuUIzHxkJ:www.statesman.com/metrostate/content/metro/stories/07/14hackers.html+jeremy+hammond+chicago&hl=en&gl=us&ct=clnk&cd=2&client=firefox-a Google Cache of article]
==Internal Disputes==
Moderators, Developers, and Ops on HTS and its forums successor [http://www.criticalsecurity.net/ Critical Security.NET] are arranged in a democratic but highly anarchical fashion. While this structure appears to work most times, when disputes arise, loyalties tend to become very confusing. Subsequently, HTS has a ''long'' history of mods, ops, and devs turning [[blackhat|darkside]] and severely impairing or completely taking down the site.<ref>{{cite web | title=Forums Upgrade 2.1.3 - Take 2, Redone | publisher=CriticalSecurity.NET | url =http://www.criticalsecurity.net/index.php?showtopic=4050 | accessdate=2006-11-27}}</ref><ref>{{cite web | title=Rollback, Database restoration | publisher=CriticalSecurity.NET | url=http://www.criticalsecurity.net/index.php?s=411612728a9b3bb45160b644808908ae&showtopic=1440&st=0 | accessdate=2006-11-27}}</ref>
In one of the most notorious incidents and the last major attack to occur, several [[blackhat]] [[dissidents]] gained root-level access to the website and proceeded to "[[rm_(Unix)|rm -rf]]" the entire site.<ref>{{cite web|title=digg - Hack This Site attacked!|publisher=digg.com|url=http://digg.com/security/Hack_This_Site_attacked_|accessdate=2006-11-27 }}</ref> This led to HTS being down for months as it was rebuilt as HTSv3.





==References==
<div class="references-small">
<references/>
</div>
<!-- note: I know, I know, this has to be fixed -->

Revision as of 18:23, 4 February 2007


Template:Isrev

Template:Infobox computer underground

HackThisSite.org, commonly referred to as HTS, is a popular online hacking and security website. The organization is currently the largest online hacking community in the world with a userbase of well over 100,000.[1] It aims to provide users and teams with a way to learn and practice basic and advanced "hacking" skills through a series of challenges, in a safe and legal environment. Per its size, many HTS users have began there own HTS-based local hacker group.

HackThisSite involves a small, loose team of a developers and moderators who maintain its network of websites, IRC server, and related projects. It produces an e-zine which it releases at various hacker conventions and through its hackbloc portal. Hardcopies of the zine are published by Microcosm and Quimbys. It also has a blog/short news source run by devs.

History

Template:Cleanup-remainder Hisory of HackThisSite per discussion

Articles and Text

HTS members contribute original texts to the articles area of the site. This area is broken down into different sections on a range of topics. Some of these sections include Ethics, Tutorials, and Politics. Most of these were aimed to provide newcomers with the basic skills to navigate the community. HackThisSite had one of the largest collection of texts on various hacking and related subjects. These texts were almost entirely user-submitted and were linked directly to HTS user accounts. Following the major revision to HTSv3, the inability to accurately attribute author to article resulted in the loss of this archive, a move from which its Article section has yet to recover.

Mission Challenges

HackThisSite is also host to a series of "missions" aimed at simulating real world hacks. These range from ten basic missions where one attempts to exploit relatively simple html errors, to hardcore encryption and application cracking missions. The missions works on a system of points where users are awarded scores based on their completion of missions.

Basic Web Challenges

Consisting of basic web exploits - gaining access to a page

Realistic Missions

Consisting of more difficult exploits - strategic use of exploits to gain access or accomplish specific tasks

Encryption Challenges

Elite mission: Consisting of being among the first to decode strings of encrypted text before a deadline

Programming Challenges

Elite mission: Consisting of being among the first to code a program for a specified function before a deadline

Permanent Programming Challenges

Consisiting of the demonstration of on-demand coding abilities to code tasks as needed

Application Challenges

Consisting of cracking/bypassing safety-measures in applications without or by retreiving embedded access keys

Root This Box

HackThisSite also ran a series of live hacking challenges called RootThisBox.org where people configured their systems to be used as target boxes. Players then attempted to gain access to these boxes and defend from other hackers, similar to past 'king of the hill' styled hacking competitions. The project is still in its developmental stage.

IRC and Forums

HackThisSite is known for its IRC network where many of its users congregate. Within this network, users converse on a plethora of topics ranging from current-day politics to technical issues with programming and Unix-based operating systems. However, mostly, the HackThisSite IRC network serves as a social gathering of like-minded people to discuss just about anything. Although there are many channels on the IRC network, the main channel #hackthissite has a +z flag which requires users to be connecting using SSL. This requirement is for several reasons, including encouraging people how and why to learn to use SSL encrypted communications, as well as being an unofficial 'idiot challenge'. Other official channels include #help and #tech (for techinical discussions only), along with #criticalsecurity for forums members (though anyone can be there), and hackbloc also has their IRC channel there (at #hackbloc)

HackThisSite also has two sets of forums, the main one being at CriticalSecurity.net and the Hackbloc Forums. The CriticalSecurity.net forums has most HTS discussion, specifically related to help with the challenges on the site as well as basic hacking questions. The Hackbloc forums are more for focused hacktivist discussion as well as a place for people to discuss news and plan future projects. Many people criticize the forums as being too 'newbish' compared to IRC, most likely because many new users visit the forums to ask for help with the challenges.



Controversy

There has been criticism that HackThisSite's self-description as a "hacker training ground" encourages people to break the law. Many people related to the site state that although some of the skills taught can be used for illegal activities, HTS does not participate in or support such activities. Despite this, several individual members have been arrested and convicted for illegal activity (most notably Jeremy Hammond, founder of HackThisSite). However there is little evidence to suggest that HackThisSite was related.

phpBB/HowDark incident

In November of 2004 the [defunct] HTS-based HowDark Security Group, co-founded by former staff-member, Jessica Soules, notified the phpBB Group, makers of the popular phpBB bulleting software, of a serious vulnerability[2][3][4] in the product. The vulnerability was kept under wraps while it was brought to the attention of the phpBB admins, who after reviewing, proceeded to downplay its risks.[5] Unhappy with the Groups' failure to take action, HowDark then published the bug on the bugtraq mailing-list. Malicious users found and exploited the vulnerability which led to the takedown of several phpBB-based bulletin boards and websites. Only then did the admins take notice and release a fix.[6][7] Slowness to patch the vulnerability by end-users led to an implementation of the exploit in the Perl/Santy worm (read full article) which defaced upwards of 40,000 websites and bulletin boards within a few hours of its release.

Following the negative fallout and controversy over her handling of the case, Jessica resigned from the hacking and "security scene".[8]

Protest Warrior Incident

In early 2006 Jeremy Hammond of HackThisSite was arrested following an FBI investigation into an alleged hacking of political Conservative activist group Protest Warrior. The federal government claimed that a select group of HTS hackers gained access to the ProtestWarrior user database, and procuring user credit-card information, conspired to run scripts that would automatically wire money to a slew of non-profit organizations. The plot was uncovered when a hacker said to have been disgruntled with the progress of the activities turned informant. Google Cache of article

Internal Disputes

Moderators, Developers, and Ops on HTS and its forums successor Critical Security.NET are arranged in a democratic but highly anarchical fashion. While this structure appears to work most times, when disputes arise, loyalties tend to become very confusing. Subsequently, HTS has a long history of mods, ops, and devs turning darkside and severely impairing or completely taking down the site.[9][10] In one of the most notorious incidents and the last major attack to occur, several blackhat dissidents gained root-level access to the website and proceeded to "rm -rf" the entire site.[11] This led to HTS being down for months as it was rebuilt as HTSv3.



References

  1. ^ "HackThisSite! Rankings (Log-in Required)". HackThisSite.org. Retrieved 2006-11-27.
  2. ^ "SQL Injection in phpBT (bug.php) add project". Security Focus (bugtraq archive). Retrieved 2006-11-28.
  3. ^ "phpBB Code EXEC (v2.0.10)". Security Focus (bugtraq archive). Retrieved 2006-11-28.
  4. ^ "SQL Injection in phpBT (bug.php)". Security Focus (bugtraq archive). Retrieved 2006-11-28.
  5. ^ "howdark.com "exploits"". phpBB Group. Retrieved 2006-11-28.
  6. ^ "howdark.com exploits - follow up". phpBB Group. Retrieved 2006-11-28.
  7. ^ "phpBB 2.0.11 released - Critical update". phpBB Group. Retrieved 2006-11-28.
  8. ^ "Jessica (HowDark.com) quits the security scene". HackThisSite.org. Retrieved 2006-11-29.
  9. ^ "Forums Upgrade 2.1.3 - Take 2, Redone". CriticalSecurity.NET. Retrieved 2006-11-27.
  10. ^ "Rollback, Database restoration". CriticalSecurity.NET. Retrieved 2006-11-27.
  11. ^ "digg - Hack This Site attacked!". digg.com. Retrieved 2006-11-27.