compiled exploits illegal?
Page 1 of 4 123 ... LastLast
Results 1 to 10 of 31

Thread: compiled exploits illegal?

  1. #1

    compiled exploits @ this site.. is it illegal?

    What are your opinions on compiled exploits on web sites? Is it illegal to compile and provide them for download (i.e. this site or is it just bad taste?
    Dyn/Gnosis ~ Powerful/Knowledge
    www.Dyngnosis.com
    Tutorials - Site Penetration Logs - (TheCommunity)Forums - Toolss

  2. #2
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867
    I won't speak towards the legality of posting them, but more towards the morality of posting them. Why would you want to help every Tom, Dick & Script Kiddie launch exploits? Now I know you can preach up and down that you have no control over what other people do with these exploits, but again, just by making them available, that IMHO makes you not that much different from a Script Kiddie.

    My 2 cents mate.
    DjM

  3. #3
    Senior Member
    Join Date
    Apr 2004
    Posts
    1,130
    If you publish a exploit as a "proof-of-concept", but make it harmless, i cant see a problem.
    You can see some at malware.com.
    However, in some countries (i think in France) is considered illegal.

    but where you saw that on the site you have mencioned?
    Meu sítio

    FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
    If I die before I sleep, I pray the Lord my soul to encrypt.
    If I die before I wake, I pray the Lord my soul to brake.

  4. #4
    There is a 'members section' when you sign up under the files section... it's been a bit wacky today and been up and down... the forums have been changing too it looks like its a work in progress...

    there were a bunch of exploit up though ... the exploit was compiled into an EXE and the .c source was also provided...

    I grabbed them all right away
    Dyn/Gnosis ~ Powerful/Knowledge
    www.Dyngnosis.com
    Tutorials - Site Penetration Logs - (TheCommunity)Forums - Toolss

  5. #5
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Well, that's an interesting question:

    What are your opinions on compiled exploits on web sites? Is it illegal to compile and provide them for download
    Basically "legality/illegality" depends on the laws of your own country. Morality is another matter.

    I get quite a few examples of "compiled executables"............errrrrrrr.......... "unexploded bombs".........generally not a good idea to post them in the open forums though..........PM them until you get to be an addict or a senior.

    No disrespect to yourself, but we try not to give skiddies ammunition, I am sure that you can appreciate my reservations, and those of fellow members.

    Good luck

  6. #6
    Senior Member
    Join Date
    Apr 2004
    Posts
    1,130
    No disrespect to yourself, but we try not to give skiddies ammunition, I am sure that you can appreciate my reservations, and those of fellow members.
    good point nihil. As i mencioned, i just a matter of PoC or be an *******. Nowadays its hard to try to show to community a breach without attract a bunch of teenagers without life.
    Meu sítio

    FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
    If I die before I sleep, I pray the Lord my soul to encrypt.
    If I die before I wake, I pray the Lord my soul to brake.

  7. #7
    King Tutorial-ankhamun
    Join Date
    Jul 2004
    Posts
    897
    To my knowledge this would not be illegal in the US unless the exploit is a way to get around a copy protection, in which case the DMCA might be violated. Bullshit law, but it's on the books. As for the moral side I would have check into the site a little more. If it's turn key exploits to cause DoS attacks then I would say it's in bad taste to give out a compiled version.

  8. #8
    I've confirmed they are in the files section.. there were 13 of them posted but it seems only 3 are there right now... also the d/l counters were reset so it looks like its a 'work in progress'. I had to join with a valid email in order to download...

    there are actual tutorials and stuff there as well... step by step 'penetration testing' ..it looks like the site is more geared toward people with an intrest in network security rather then hacker script kiddie types.

    my apoligies if I've offended any of the senior members of the site... if a mod sees fit and wants to delete this post I understand --though i do think its on topic

    (PS I've verified one of the exploits in my lab so at least im not d/ling viruses hehe)

    cheers
    Jer
    Dyn/Gnosis ~ Powerful/Knowledge
    www.Dyngnosis.com
    Tutorials - Site Penetration Logs - (TheCommunity)Forums - Toolss

  9. #9
    Senior Member
    Join Date
    Apr 2004
    Posts
    1,130
    what is wrong with a "step by step" penetration test? i use to read those to test my configurations.....

    its a problem of audience, not the content.

    If its for security guys, this must be stated cleary on the site, and appropriate actions must be taken against "bad guys" (=ban). Otherwise, "good guys" will think that is a "wannabe site"
    Meu sítio

    FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
    If I die before I sleep, I pray the Lord my soul to encrypt.
    If I die before I wake, I pray the Lord my soul to brake.

  10. #10
    cacosapo,

    agreed.. thats why I said "...it seems it geared more toward the security professional then script kiddies..."

    We'll just have to see what goes on at the site and what is and isn't allowed I suppose.

    in anycase.. I'm sticking around to check it out... forums seems dead though hehe
    Dyn/Gnosis ~ Powerful/Knowledge
    www.Dyngnosis.com
    Tutorials - Site Penetration Logs - (TheCommunity)Forums - Toolss

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •