Web Hosting Talk

Wanted: Hackers for Linux Box Penetration Test - Top $$$


topwiz
05-31-2002, 06:21 AM
Not for American based hackers, others are welcome. Must have telephone contact number. $100 if you can break-in our test box, target IPs for testing will be given in due time. Must be able to accept payment via PayPal.

Please contact via email stating experience. All applications will be kept strictly confidential.

phpjames
05-31-2002, 08:22 AM
No Americans? Why...

FocusOn718
05-31-2002, 10:30 AM
Yeah, why? :)

phpjames
05-31-2002, 10:32 AM
IP IP me hungry for an IP! :angry:

topwiz
05-31-2002, 10:52 AM
Originally posted by phpjames
No Americans? Why...

We have nothing against Americans. Past experience has proved that most American hackers are script kiddies with little or no real hacking experience!

We want a real hacker who can document their steps, have you got what it takes?

phpjames
05-31-2002, 11:12 AM
I wouldn't say region has anything to do with it, but if you've run into script kiddies, you've run into script kiddies. There are plenty of Americans able to do this task, and I'm sure probably much more than any other country, as high speed access is readily available and free access to the internet is available. I'm sure the Chinese would have a bigger challenge. Contact me off the board if you would like to discuss your project. Good luck.

FocusOn718
05-31-2002, 11:12 AM
I do have what it takes, but I won't do it... but I was simply curious why you said no Americans.

Shyne
05-31-2002, 04:44 PM
LOL. Any person who will jump to your offer is a script kiddie.

If a real hacker is gonna want to break in your box, he WILL do it. You can't stop him from doing it. The best solution to set up is a quick recovery. Hacking is illegal and real hackers know it. It won't be worth it for them to go to jail for your $100.

ScottD
05-31-2002, 04:51 PM
American hackers are script kiddies! I like that one. :D

Almost all hackers are script kiddies, don't kid yourself. The best security firms are in the US, if you really want to see if you can be beat try www.truarx.com or www.iss.net, but don't expect that $100.00 will buy you much time from professional security experts.

$100.00 will buy you a script kiddie and nothing more, but to put it in perspective THOSE are exactly the people you should be worried about.

weeps
05-31-2002, 04:54 PM
I suggest you contact http://www.r-fx.net/

jayjay
05-31-2002, 05:10 PM
We have nothing against Americans. Past experience has proved that most American hackers are script kiddies with little or no real hacking experience!

Excuse my French. But **** you.

You base your experience on what? 1-2-3 people? Do you know how many Americans there are?

I used to work for a few security consulting firms, and I can tell you what. I've seen more script kiddies from India and China than America.

DanielP
05-31-2002, 05:12 PM
****..... I wouldn't touch that offer with a 100-foot pole... not without a signed and notarized document giving me full and unrestricted access to attempt to hack/compromise that machine. Without that, you're dumb to even think about doing it.

But then again the others are right, $100 isn't worth most people's time.

Tim Greer
05-31-2002, 05:14 PM
Funny that you claim fewer Americans would have this skill, yet you use the term "hack". Your post indicated that you didn't want American "programmers".

If you want someone to crack your system, you can pay _this_ American $150 _per hour_, pro-rated at a minimum of 1 hour, and I'll be happy to hammer your server.

You also seem to be missing something vital: the thing you have to worry about most is the fact that local system users are your biggest concern. Those users on your server will pose the greatest risk, and you can't do a proper security audit by trying to simply exploit the server via remote means.

Perhaps you don't have a shared server and you're the only user. Perhaps you only have one or two services even running. Do you honestly think that, provided you are running properly configured and up-to-date, non-exploitable, common and non-vulnerable services, that someone is bound to be able to have "enough skill" to break in? This myth about how 'no server is secure' is BS. If you run exploitable programs/services or don't have your server configured properly, sure. However, if you expect to get any real value out of having someone audit your server and configuration, it's going to have to be more in-depth than simply saying "Try out all the lame *SCRIPT KIDDIE* exploits to see if you can break in remotely and I'll give you $100 if you can"! As another poster said, and it's true, only a "script kiddie" will find interest in such a post/challenge.

Moreover, what else other than a script kiddie tool could anyone really try to gain remote access via an exploit? All you'd do is a few things, and other than that you'd end up just using or modifying (or writing) a script/tool to exploit the vulnerable points. So, I'm not sure what you expected, but I suppose you were wise to at least not give out your IP after generally insulting American based crackers. :-) Just some thoughts... good luck.

Tim Greer
05-31-2002, 05:15 PM
Originally posted by DanielP
****..... I wouldn't touch that offer with a 100-foot pole...

You a hacker now, Dan?

jayjay
05-31-2002, 05:16 PM
$100.00 will attract a teenager. Maybe that's why they have experience with script kiddies?

But --

Firms will charge you $X,XXX or $XX,XXX.
I've charged some pretty high amounts in the past. Nothing close to $100.00 : )

DanielP
05-31-2002, 05:17 PM
LoL Tim.... haven't touched that line of work in many years, I'm too old and out of date to be any good nowadays :)

allera
05-31-2002, 05:19 PM
Originally posted by Shyne
If a real hacker is gonna want to break in your box, he WILL do it. You can't stop him from doing it. The best solution to set up is a quick recovery. Hacking is illegal and real hackers know it. It won't be worth it for them to go to jail for your $100.
Hehe, so if I'm a real hacker and I attempt to hack into my own box, I can go to jail? Illegally hacking is, well, illegal. If you have full consent of the admin of the server-to-be-hacked (in writing and very tight!), who the heck cares? The media always associates the word "hacker" with "criminal" and it's a real shame.

I agree, though, $100 will get you kids who think they know how to hack but can't. I'd up the $ if you want a real security check and report.

Tim Greer
05-31-2002, 05:29 PM
Originally posted by allera


...

I agree, though, $100 will get you kids who think they know how to hack but can't. I'd up the $ if you want a real security check and report.

But you saw the title of the thread. It said "Top $$$". I am inclined to believe it, I don't know any better.

mwatkins
05-31-2002, 05:32 PM
Originally posted by jayjay
I've seen more script kiddies from India and China than America.

Not to mention United Arab Emirates, etc. I just took a random look at logs from this year and last year and found more from China than anywhere.

I always get a chuckle at seeing Windows attacks going against my FreeBSD and Linux machines.

GET /scripts/../../winnt/system32/cmd.exe /c+dir

Oh how original. Very smart non-US would-be hackers.

I'm glad that Tim brought up the fee. It's hardly top $; it's not even a real fee.

Or did he expect the pro to work for less than an hour on this project including project initiation, work and documentation?

geiger
05-31-2002, 05:41 PM
I must be missing something.
You would only get the $100 if you successfully "hack". So what's against the Americans? If you can successfully hack, what makes you any different than anyone else? Well, of course writing down what to do but that's not very hard, is it?

Tim Greer
05-31-2002, 06:49 PM
Okay, let me 'hack' his post:


#!/usr/bin/perl -w

use strict;

my $hacker = ' (or programmers - which is it?)';
my $payfor = 'Cheap';

$_ = 'Wanted: Hackers for Linux Box Penetration Test - Top $$$

Not for American based hackers, others are welcome. Must have telephone contact number.
$100 if you can break-in our test box, target IPs for testing will be given in due time.
Must be able to accept payment via PayPal.


Please contact via email stating experience. All applications will be kept strictly confidential.';

# only the hack/hacker/hackers rewrites are counted; chaining all four
# substitutions with commas would leave $wrong holding the count of the
# last one, and the optional capture groups gave "uninitialized" warnings
my $wrong = s,H(ack(?:er)?s?),Cr$1$hacker,ig;

s,(\s+\$\d{3}\s+),$payfor$1,ig;        # "$100" becomes "Cheap $100"
s,(T)(o)p,B$2\L$1$1\E$2m,ig;          # "Top" becomes "Bottom"
s,(\s+A.*?ed),$1 (too good!),ig;       # "American based" gets a comment

print 'fixed: "', $_, '"', "\n...and you mis-used the term 'hacker(s)' $wrong time(s).\n";



[Edit: the [code] tag doesn't wrap the text in a user-friendly manner].

ckpeter
05-31-2002, 07:26 PM
Originally posted by mwatkins

I always get a chuckle at seeing Windows attacks going against my FreeBSD and Linux machines.

GET /scripts/../../winnt/system32/cmd.exe /c+dir

oh how original. Very smart non US would be hackers.
I think those are just infested Windows machines, not a real hacker. So in this case, it is not Chinese script kiddies, but Chinese infested Windows machines.

Peter

mwatkins
05-31-2002, 07:35 PM
True enough. It was the first example in my log that I scrolled by. Certainly infested Windows machines make up the bulk of the nonsense attacks I see in the logs.
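As an added example (not from any poster in this thread), here is a small Python filter that pulls the IIS-style cmd.exe traversal probes mwatkins describes out of constructed Apache access-log lines and tallies them per source address, so that worm noise aimed at Windows can be separated from requests against a Unix web server that actually deserve a look. The sample log lines and the probe heuristic are my own constructions.

```python
import re
from collections import Counter

# Constructed sample of Apache common-format access-log lines (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [31/May/2002:17:32:01 -0700] "GET /scripts/../../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 281
203.0.113.7 - - [31/May/2002:17:32:02 -0700] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 281
198.51.100.9 - - [31/May/2002:17:40:15 -0700] "GET /index.html HTTP/1.1" 200 1043
198.51.100.9 - - [31/May/2002:17:40:16 -0700] "GET /images/logo.gif HTTP/1.1" 200 2210
203.0.113.22 - - [31/May/2002:18:01:44 -0700] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 281
203.0.113.22 - - [31/May/2002:18:01:45 -0700] "GET /_vti_bin/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 281
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

# Targets that only exist on a Windows/IIS host, plus the traversal encodings
# (plain, overlong UTF-8, double-encoded) the worms of that era used.
WINDOWS_TARGETS = ('cmd.exe', 'root.exe', 'winnt/system32')
TRAVERSAL_RE = re.compile(r'\.\.(?:/|\\|%2f|%5c|%c1%1c|%c0%af|%c1%9c|%255c)')


def is_windows_probe(path):
    """True if the request path is a Windows-only traversal/cmd.exe probe."""
    p = path.lower()
    return any(t in p for t in WINDOWS_TARGETS) or TRAVERSAL_RE.search(p) is not None


def triage(log_text):
    """Split parsed requests into Windows probes and everything else.

    Returns (probes_by_ip, other_requests): probes_by_ip counts probe lines
    per source address; other_requests lists (ip, path, status) tuples that
    are worth reviewing on a Unix web server.
    """
    probes = Counter()
    others = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed line: skip rather than guess
        if is_windows_probe(m['path']):
            probes[m['ip']] += 1
        else:
            others.append((m['ip'], m['path'], int(m['status'])))
    return probes, others


if __name__ == '__main__':
    probes, others = triage(SAMPLE_LOG)
    for ip, n in probes.most_common():
        print(f'{ip}: {n} IIS/cmd.exe probe(s) against a Unix host (worm noise)')
    for ip, path, status in others:
        print(f'review: {ip} {path} -> {status}')
```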

cyansmoker
05-31-2002, 11:46 PM
Guys,
don't be so harsh on Topwiz!
$100 is top $$$:
that's his allowance for a whole month.

geiger
05-31-2002, 11:52 PM
lol. I don't mean to be rude, but
Was that a joke?

clockwork
06-01-2002, 03:24 AM
I would NEVER do a pen test on someone asking for "hackers"

That is insulting.

admin0
06-01-2002, 12:52 PM
still looking :homer:?



:beer:

Acroplex
06-01-2002, 02:11 PM
Originally posted by topwiz
Not for American based hackers, others are welcome. Must have telephone contact number. $100 if you can break-in our test box, target IPs for testing will be given in due time. Must be able to accept payment via PayPal.

Please contact via email stating experience. All applications will be kept strictly confidential.

Man, the FBI surely gets creative these days :D

clockwork
06-01-2002, 04:12 PM
Originally posted by timechange


Man, the FBI surely gets creative these days :D


The FBI would offer more than $100

geiger
06-01-2002, 04:18 PM
lol. That would be pretty funny (well, not really but you know what I mean) if the FBI had someone hack in to some computers so they can catch them and then the hacker found some confidential information from the FBI. lol :rolleyes:

clockwork
06-02-2002, 05:41 AM
Originally posted by geiger
lol. That would be pretty funny (well, not really but you know what I mean) if the FBI had someone hack in to some computers so they can catch them and then the hacker found some confidential information from the FBI. lol :rolleyes:

The FBI had some Russian crackers fly over to the U.S. for a job interview (pen testing) and then had them show them how they cracked into things and arrested them on the spot.

It was pretty elaborate.

Gadgy
06-02-2002, 08:24 AM
Please contact via email stating experience. All applications will be kept strictly confidential.

confidential?

Ah.. via your pgp key???

Mmmmm. Right!

:eek:

I'd put another "0" on the end at least! Then the time you give away in money will be saved by going through fewer but higher caliber candidates, maybe give you a workable project then, and get some sort of security so the bit about "confidential" is not misleading. Hushmail.com, PGP, QPgp, lots out there!

Only reason I say this is you're asking someone that should be capable of breaking a possibly competition-hardened Linux box to send you "Pen Experience" in normal email without a non-disclosure contract first? So she / he can apply?

And, demographics, population dispersal and Internet history I think all show a high indication you are going to find a larger pool of highly experienced security professionals in the states. Don't understand the reason for not including the states. ???

:confused:

Me thinks this is :

:D "JOKE OF THE DAY" :D

Acroplex
06-02-2002, 03:12 PM
When hacking competitions go wrong

17:08 Friday 31st May 2002
Matt Loney

A hacking contest that promised $100,000 as first prize appears to have been weighted so heavily against competitors that some decided to hack the competition rather than the target server
What do you do when you enter a hacking competition only to discover that the target server is running a cut-down operating system running with almost all services switched off so that it does not resemble a "real-world situation"?

Simple. You hack the competition itself.

This is exactly what appears to have happened in a hacking competition that promised a first prize of $100,000 and which now seems to be losing its lustre after hackers compromised the server that held registration details. The result is that what should have been a straightforward competition has turned into a convoluted tale of hackers attacking the wrong systems and organisers using a dubious server set-up in the first place. The episode raises a number of questions over how hacking competitions should be held in the future.

The competition, run by Korean security software firm Korea Digital Works (KDWorks), ran in mid-April for 48 hours, during which time hackers were asked to compromise a Web server and leave their details on the main page of the woksdome.org Web site.

The first person to achieve the goal was promised $100,000 (£70,000), and the organisers promised that if there was no outright winner, the judges could award five prizes of $10,000 to "outstanding competitors" based on the methodology and level of hacking used.

One month on, there is no outright winner, the amount being offered to outstanding competitors has shrunk to $1,250 each, the server containing registration details of hackers has itself been hacked, and it has emerged that the target server may have been running the sort of software that would not normally be used for serving Web pages. At least one "outstanding competitor", who has since been approached for his bank account details, is beginning to wonder if the whole thing was a hoax.

Things apparently started to go wrong for KDWorks when two hackers, who go by the pseudonyms kill9 and m0rla, posted a message to the hackers.com Web site, saying they had broken into the server holding the registration details of the entrants with relative ease and sent an email to all 1,240 of them.

In their posting, the two recognised that KDWorks was "very brave" for publicly exposing its products in this way and openly inviting all hackers to find any possible exploits. But, they wrote: "One has to keep in mind that no matter how many preventions you take, there will always potentially be a way to hack the system."

The system set up by KDWorks had almost all of its services deactivated, according to kill9 and m0rla. "The contest server was only simulation, not a real-world environment," they wrote. "And you have to ask yourself who will have a Web server running with this small amount of services activated? Nobody."

The reason they decided to hack the registration server was that the real-world environment provided in this contest was not the simulation server at all: "it was the overall contest in general."

And so the two decided to take the contest to the next level. "We chose to skip the games and festivals, and go straight to the main server (where you registered for the contest). By taking this step, we achieve a real-time environment with a system that has many services running, just like many other Web servers. We also gain access to the server that contains all of the entries for the contest that is taking place, thus granting us the ability to manipulate those entries to our liking (keep in mind your prize money relies on your registration entry)."

According to kill9 and m0rla, the idea behind this part of the hack was to allow everyone who registered to use methods of attack they could to penetrate the contest simulation server. "The possibility of someone actually hacking the contest simulation server was given a very slim probability. Based on the fact that there are very few services running, with very few applications running on those services."

The objective of the hack, said kill9 and m0rla, was to show that there will always potentially be a way to hack a system (in this case a contest), no matter how many precautions are taken. In other words, it was KDWorks itself rather than the target server that the hackers took to be the 'real-world environment'. "The problem lies not in the Woksdome program design," they wrote, "but another surrounding program. One can't only rely on the Woksdome programming, but has to make sure other programs are configured and secured correctly." This is a well-known philosophy among security experts.

The hackers posted parts of their exploit on a hackers' Web site as proof of concept, but left out key parts so that, they said, less scrupulous individuals would not be able to replicate the exploit easily.

However, the pair admit in their posting to ulterior motives.

"Since we now can execute our code on the woksdome.org server, and we know the database information, we have complete control over the information in the Woksdome database (including all registration information)," they wrote. With this information, they added, they could replace the information of any winner with their own details, so guaranteeing that they won the competition. They said they could also retrieve any and all entry data from the database of entrants and output it to a Web browser for easy viewing.

As entrants were required to enter personal details together with some form of identification -- such as a passport or social security number -- in the event that they won the competition, some are worried that their privacy has been compromised.

One, who has been contacted by KDWorks and told he was an outstanding competitor, reports being asked for bank account details so the prize money -- now stated as $1,250 -- can be paid.

Bill Wong, from New York, said that after hearing about the compromised registration server and then being asked for bank account details, he became suspicious. "At this point," said Wong, "I don't know whether to provide them with that information and, if in fact, whether I actually did win anything. I'm beginning to suspect that this could be a spam or a hoax (perhaps, even from the start)."

KDWorks has now released a list of the five outstanding competitors -- which includes Wong. However, Wong said he remains troubled by many aspects of the competition.

He backs up kill9 and m0rla's belief that the target server was not running a real-world environment. "It was minimalist, running only Apache (Web server software) on a non-standard port and nothing else," said Wong. In fact, said Wong, the operating system it was running on was a base installation of Smoothwall Linux, which is designed to be a firewall, not a Web server.

In the latest twist, KDWorks says that the Smoothwall server was in fact a decoy. Justin Kim, an attorney with US-based Mike Choi International Consulting, who was helping to promote the event, confirmed that the Smoothwall that the hackers found did exist, but said it was a trap or "honey pot system" installed in the Woksdome hacking server. "The honey pot system consisted of a false server which is designed to attract intruders and tracking software to trace down intruders."

"In the false server, there was some false information which was good enough to attract those intruders. As soon as intruders reach the false server, the tracking software starts to trace down those intruders. Then the tracking software analyses all the activities of the intruder (including hacking method, all the ISP used, IP address, even what the hackers punched on his keyboard) to trace down the original location of the intruder."

Some hackers found out the existence of the honey pot during the competition, said Kim. However, he added: "I think those who found the honey pot are good hackers, but not good enough to find out that the honey pot is a false server. Therefore, the conclusion that the target server was a system that would not be used in a typical real world situation does not make sense. The target server was totally ready to be used as a typical web server."

However, this revelation may have come too late to dispel some concerns. Wong, for instance, is also troubled by the shrinking prize money. "The original prize was indeed stated as $10,000 (for each outstanding competitor)," he said. "I'm not even sure if I actually won anything. I'm leaning toward the 'I've been targeted as a part of a hoax' theory, right now."

KDWorks has previously stressed the lengths to which it went to assuage any fears of misconduct in regard to the competition. The target server was located at the Munhwa Daily Newspaper in Korea, and academics and IT professionals were invited to oversee the competition, according to Justin Kim, an attorney with US-based Mike Choi International Consulting, who was helping to promote the event.

Furthermore, said KDWorks, the event was sponsored by the Korea Information Processing Society, the Korea ISP Association and the IT Professionals Association of Korea, among others.

KDWorks has named the outstanding winners as: David from Spain, who registered with the handle Morgote; Eddy from Korea, who registered under his own name, Chris from the US who registered as Lifer, and another person from Korea who registered with the handle Szoahc.

KDWorks has also released statistics detailing 51 countries from which the hackers originated. The US and Korea led the field, with 319 and 210 respectively, followed by Brazil with 88, then Italy with 53, Poland with 48 and China with 46. These were followed by Turkey with 33, Sweden with 32, the Czech Republic with 30 and Great Britain with 29 entrants.

utadmin
06-02-2002, 05:20 PM
What's the catch?

I ain't got PayPal .. so haha

:eek: