HackThisSite
HackThisSite.org, commonly referred to as HTS, is an online hacking and security website. The organization has a userbase of well over 1,300,000. The actual number of active members is believed to be much lower, as most accounts are never used, or are only used shortly after creation. An average of 0.50 members are logged on per day, and the most was 1478 users online at the same time. It aims to provide users with a way to learn and practice basic and advanced "hacking" skills through a series of challenges, in a safe and legal environment.

HackThisSite involves a small, loose team of developers and moderators who maintain its website, IRC server, and related projects. It produces an e-zine which it releases at various hacker conventions and through its hackbloc portal. Hard copies of the zine are published by Microcosm and Quimbys. It also has a short news/blog section run by developers.

IRC and forums

HackThisSite is known for its IRC network, where many of its active users congregate. Within this network, users converse on a plethora of topics ranging from current day politics to technical issues with programming and Unix-based operating systems. Mostly, the HackThisSite IRC network serves as a social gathering of like-minded people to discuss anything. Although there are many channels on the IRC network, the main channel, #hackthissite, has a +R flag which requires users to register their nick before they may join the channel. This requirement helps reduce botnets in the main channel, because they would have to register every nick.

HackThisSite currently has one main set of forums, because of the recent split from its former sister site CriticalSecurity.Net. The Hackbloc Forums also had many HackThisSite users involved then; however, they were recently taken down. Before the split, the CriticalSecurity.net forums had most HTS discussion, specifically related to help with the challenges on the site as well as basic hacking questions. The Hackbloc forums were more for focused hacktivist discussion as well as a place for people to discuss news and plan future projects. Many people criticize the forums as being too 'newbish' compared to IRC, most likely because many new users visit the forums to ask for help with the challenges. HackThisSite is taking steps to try to attract more qualified users to its forums.

Articles

HackThisSite members contribute original texts to the articles area of the site. This area is broken down into different sections on a range of topics. Some of these sections include Ethics, HTS Challenge Tutorials, and Political Activism. The topics covered in these articles range widely in complexity. Topics range from walkthroughs for the missions provided by HackThisSite, to articles regarding advanced techniques in a plethora of programming languages.

Mission challenges

HackThisSite is also host to a series of "missions" aimed at simulating real world hacks. These range from ten basic missions where one attempts to exploit relatively simple server-side scripting errors, to difficult programming and application cracking missions. The missions work on a system of points where users are awarded scores based on their completion of missions.
In general, the missions become steadily more difficult as the user advances through a particular mission category.

Basic and realistic challenges

The Web hacking challenges include eleven Basic Web Challenges. Each challenge consists of an authentication page with a password entry box, plus other files which are to be exploited or attacked in order to gain the correct password. Successful authentication to the main challenge page will advance the user to the next challenge. These challenges are typically considered simple and are used as an introduction to hacking.
There are sixteen Realistic Missions which attempt to mimic real, moderate to difficult hacking, in real life situations. Each mission is a complete web site featuring multiple pages and scripts. Users must successfully exploit one or more of the web site's pages to gain access to required data or to produce changes.

Programming missions

A Programming Challenges section also exists. This section currently consists of twelve challenges charging the user to write a program which will perform a specified function within a certain amount of seconds after activation. These programming challenges range from simple missions such as parsing the contents, to reverse-engineering an encryption algorithm. These help users develop and practice on-the-go programming skills.

Application missions

The goal of application challenges is generally to extract a key from an application, usually involving some form of reverse-engineering. But other challenges involve program manipulation.

New missions

More recently, HTS came out with logic challenges which as moo, HTS's official bot, proclaims "they're not meant as a challenge to overcome like the rest of HTS challenges, they're meant to be overcome by you, and you alone, from solving." In April 2009 the logic challenges were disabled and all points earned from them were removed. One reason cited was concern that the answers could be easily found elsewhere on the internet.

Also of recent creation are the "extended basic" missions. These are designed to be code review missions where you learn how to read code and look for flaws.

A set of ten easter eggs hidden around HTS were known as the "HTS missions". One of these "missions" was the fake Admin Panel, for example. Developers later decided to remove HTS easter eggs: some allowed XSS and SQL exploits and many members submitted false bug reports because of them.

Steganography missions

Steganography missions are also available on the website. The goal in these missions is to extract the hidden message from the media file provided. There are 17 steganography missions available.

Root This Box

HackThisSite also runs a series of live hacking challenges called RootThisBox where individuals and teams can configure their systems to be used as target boxes. Players can then attempt to gain access to these boxes and defend them from other hackers, similar to past 'king of the hill' styled hacking competitions. The project is currently being rebuilt.

Controversy

There has been criticism that HackThisSite's self-description as a "hacker training ground" encourages people to break the law. Many people related to the site state that although some of the skills taught can be used for illegal activities, HackThisSite does not participate in or support such activities. Despite this, several individual members have been arrested and convicted for illegal activity (most notably Jeremy Hammond, founder of HackThisSite).

phpBB/HowDark incident

In November 2004 the (now defunct) HackThisSite-based HowDark Security Group notified the phpBB Group, makers of the phpBB bulletin software, of a serious vulnerability in the product. The vulnerability was kept under wraps while it was brought to the attention of the phpBB admins, who after reviewing, proceeded to downplay its risks.
Unhappy with the Group's failure to take action, HowDark then published the bug on the bugtraq mailing list. Malicious users found and exploited the vulnerability, which led to the takedown of several phpBB-based bulletin boards and websites. Only then did the admins take notice and release a fix. Slowness to patch the vulnerability by end-users led to an implementation of the exploit in the Perl/Santy worm, which defaced upwards of 40,000 websites and bulletin boards within a few hours of its release.

Protest Warrior incident

On March 17, 2005 Jeremy Hammond, the founder of HackThisSite, was arrested following an FBI investigation into an alleged hacking of conservative political activist group Protest Warrior. His apartment was raided by the Chicago FBI, and all electronic equipment was seized. The federal government claimed that a select group of HackThisSite hackers gained access to the Protest Warrior user database, procured user credit-card information and conspired to run scripts that would automatically wire money to a slew of non-profit organizations. The plot was uncovered when a hacker said to have been disgruntled with the progress of the activities turned informant.

Internal problems

Administrators, developers, and moderators on HackThisSite are arranged in a democratic but highly anarchical fashion. While this structure appears to work at most times, when disputes arise, loyalties tend to become very confusing. Subsequently, HackThisSite has a long history of administrators, developers, and moderators turning darkside and severely impairing or completely taking down the site.
In one incident, and the last major attack to occur, several blackhat dissidents gained root-level access to the website and proceeded to "rm -rf" the entire site. This led to HTS being down for months.

See also

  • Hacker (computer security)
  • Hacktivism
  • H.O.P.E.
  • SecuriTeam
  • Jeremy Hammond

External links

The source of this article is Wikipedia, the free encyclopedia. The text of this article is licensed under the GFDL.
 