compiled exploits illegal?

[dynagnosis]

What are your opinions on compiled exploits on web sites? Is it illegal to compile and provide them for download (i.e. this site or is it just bad taste?

[DjM]

I won't speak towards the legality of posting them, but more towards the morality of posting them. Why would you want to help every Tom, Dick & Script Kiddie launch exploits? Now I know you can preach up and down that you have no control over what other people do with these exploits, but again, just by making them available, that IMHO makes you not that much different from a Script Kiddie.

My 2 cents mate.

[cacosapo]

If you publish a exploit as a "proof-of-concept", but make it harmless, i cant see a problem.
You can see some at malware.com.
However, in some countries (i think in France) is considered illegal.

but where you saw that on the site you have mencioned?

[dynagnosis]

There is a 'members section' when you sign up under the files section... it's been a bit wacky today and been up and down... the forums have been changing too it looks like its a work in progress...

there were a bunch of exploit up though ... the exploit was compiled into an EXE and the .c source was also provided...

I grabbed them all right away

[nihil]

Well, that's an interesting question:

What are your opinions on compiled exploits on web sites? Is it illegal to compile and provide them for download

Basically "legality/illegality" depends on the laws of your own country. Morality is another matter.

I get quite a few examples of "compiled executables"............errrrrrrr.......... "unexploded bombs".........generally not a good idea to post them in the open forums though..........PM them until you get to be an addict or a senior.

No disrespect to yourself, but we try not to give skiddies ammunition, I am sure that you can appreciate my reservations, and those of fellow members.

Good luck

[cacosapo]

No disrespect to yourself, but we try not to give skiddies ammunition, I am sure that you can appreciate my reservations, and those of fellow members.

good point nihil. As i mencioned, i just a matter of PoC or be an *******. Nowadays its hard to try to show to community a breach without attract a bunch of teenagers without life.

[Irongeek]

To my knowledge this would not be illegal in the US unless the exploit is a way to get around a copy protection, in which case the DMCA might be violated. Bullshit law, but it's on the books. As for the moral side I would have check into the site a little more. If it's turn key exploits to cause DoS attacks then I would say it's in bad taste to give out a compiled version.

[dynagnosis]

I've confirmed they are in the files section.. there were 13 of them posted but it seems only 3 are there right now... also the d/l counters were reset so it looks like its a 'work in progress'. I had to join with a valid email in order to download...

there are actual tutorials and stuff there as well... step by step 'penetration testing' ..it looks like the site is more geared toward people with an intrest in network security rather then hacker script kiddie types.

my apoligies if I've offended any of the senior members of the site... if a mod sees fit and wants to delete this post I understand --though i do think its on topic

(PS I've verified one of the exploits in my lab so at least im not d/ling viruses hehe)

cheers
Jer

[cacosapo]

what is wrong with a "step by step" penetration test? i use to read those to test my configurations.....

its a problem of audience, not the content.

If its for security guys, this must be stated cleary on the site, and appropriate actions must be taken against "bad guys" (=ban). Otherwise, "good guys" will think that is a "wannabe site"

[dynagnosis]

cacosapo,

agreed.. thats why I said "...it seems it geared more toward the security professional then script kiddies..."

We'll just have to see what goes on at the site and what is and isn't allowed I suppose.

in anycase.. I'm sticking around to check it out... forums seems dead though hehe