Frequently Asked Questions
Depending on what you are trying to accomplish, your path will vary. A good place to get started is our Neophyte's Guide.
There are many ways that you can help to contribute to the group. What we're really looking for is for people to contribute information to our site. You can post on the forums, talk in IRC, or email rat[at]soldierx.com concerning adding entries to the hdb/books/tutorials/etc. If this isn't really your thing, there are a number of other ways that you can help SOLDIERX.
We accept paypal and hardware donations - contact rat[at]soldierx.com if you are interested in helping this way.
We no longer receive commissions from Amazon Associates.
Last but not least, we sell shirts to help spread the word about our site. We sell them at base cost ($15) plus shipping ($5 inside the USA).
VIP access can be obtained by donating $40 to the group or by winning in one of our many contests. Many people spend over $40 just going out to eat, so hopefully this isn't outrageous to people. Please contact RaT for information on how to donate.
If you are serious about joining SOLDIERX, you should have at least 5-10 hours of time to give to the group each week. The first step in becoming a member is to become a recruit. In order to become a recruit you need to contact RaT with the following information:
Handle:
Contact Information (AIM, yahoo, etc):
Skills (reverse engineering, writing, programming, etc):
Hours Available:
Why You Want To Join SOLDIERX:
What You Will Do For Your First Project:
If everything is in order, then the High Council will grant you recruit status and you will be assigned to a member of the group. They will try to keep you on track with your first project. They will also be available to help you with any questions that you may have. If you are able to complete tasks and prove yourself to the group, you will be granted inductee status. Once you are an inductee, you will be required to finish a large project. Upon successful completion of the project, the High Council will review your work and grant you full Crew membership if your work is satisfactory.
The SX community, established in 1997, trains new hackers and brings existing hackers from around the world together. SX has produced numerous infosec tools, conference talks, and has been key in identifying hackers in our HDB (hacker database). To view a much longer history, please see The History of SOLDIERX. Please keep in mind that our longer history only currently goes up to 2001.
If you do not have an account on the site, then you are very limited by what you can view. When you get an account, you agree to comply with our disclaimers - so there is a greater deal of content that we can legally offer you (our usage policy still applies without an account however). There are also various levels of membership - in some cases some information is restricted from lower user groups. The current hierarchy is as follows:
Anonymous User - the level assigned to anybody who accesses the site without an account.
Authenticated User - anybody who has an account.
SOLDIERX VIP - anybody who has donated to the group.
SOLDIERX Recruit - people being recruited into SX, status prior to become an actual inductee.
SOLDIERX Inductee - inductees of the SOLDIERX group (people working towards membership status).
SOLDIERX Member - member of the SOLDIERX group.
SOLDIERX Retired - retired member of the SOLDIERX group.
SOLDIERX High Council - member of the SOLDIERX High Council.
SOLDIERX Admin - reserved for members of the SOLDIERX group who administer the site.
If you have any questions or comments, please direct them to rat[at]soldierx.com.
Viewing replies and comments are reserved for members of the site. This may be changed in the future, but currently it is the way that we are setup. Please create an account and you will be able to see all of the comments and replies.
The HDB is a community oriented database intended to document hackers, phreakers, and people who have influenced the realm of computer security. One major goal is to get factual documentation concerning people who are in the database. Another goal is to get rumors (unconfirmed possible facts) to be listed in the rumors section of their entry. If there are entries or information that somebody would like to see in the database, feel free to contact me or cisc0ninja with the information and your sources and we will be more than happy to make it a part of the database. If there is information that you need censored (such as your full real name) you will need to contact RaT in order to get those changes made.
The usage policy is as follows:
These terms of use and restrictions regarding the use of soldierx.com websites (such as www.soldierx.com or irc.soldierx.com) apply to you and are agreed to apply to you by your using a soldierx.com website in any manner. If at any time you do not agree with these terms, your only legal option is to discontinue use.
You warrant that you will not use content from these sites for any purpose that is unlawful or prohibited by this usage policy. If you violate these terms, your right to use these sites and any content from these sites is automatically terminated. You warrant as well that you may come in contact with content on these sites that offensive, indecent, or objectionable, and that you will not hold soldierx.com or other entities responsible for that. You browse these sites at your own risk.
You agree to indemnify, hold harmless, and otherwise not sue or hold liable, soldierx.com, its members, or anyone else who has ever used these websites against all claims, damages, legal fees, costs, or other payments.
Please report any violations or questions regarding this policy to [email protected]
We collect and use any information generated from using this site, but we do not sell or distribute the information to third parties. The data collected may include Apache log information, or any other information you send to this server or other soldierx.com servers.
If you choose to violate the rules of the forums, attack this site or its members, or access the site from a military or government network - then your information may be posted on this site. This is the only exception to our privacy policy. If you attack us or ignore the rules, expect your information to be disseminated.
SOLDIERX authored software is software that was actually produced within SOLDIERX. You can find it in the Labs section. It does NOT include software that we have reverse engineered!
The author of the software is allowed to specify their own license for release if they wish. If they do not provide one, then it will fall under the default SOLDIERX Software License. The current license is as follows:
TERMS AND CONDITIONS:
Redistribution and use in source and binary forms are permitted provided that this notice is
preserved and that due credit is given to the copyright holders. The names of the copyright
holders may not be used to endorse or promote products derived from this software without
specific prior written permission.
The right to use, modify, incorporate or create derivatives of, are given provided that
this notice is preserved and that due credit is given to the copyright holders. The above
rights are granted subject to the condition that any charge for a product or application that
uses [software name] does not include any charge for [software name] or any portion of [software name].
The views and conclusions contained in the software and documentation are those of the
authors and should not be interpreted as representing official policies, either expressed
or implied, of SOLDIERX.COM.
THIS SOFTWARE IS PROVIDED BY SOLDIERX.COM "AS IS'' AND ANY EXPRESS OR IMPLIED
WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL OR
CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORTIOUS ACTION (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
Interestingly enough, we don't forbid you from reverse engineering our software
Blogs are personal space and will not be edited/deleted unless if they contain personal information (ie SSN) or extremely illegal content.
Linux is a Unix-like operating system that was designed to provide personal computer users a free or very low-cost operating system comparable to traditional and usually more expensive Unix systems. Linux has a reputation as a very efficient and fast-performing system. Linux's original kernel (the central part of the operating system) was developed by Linus Torvalds at the University of Helsinki in Finland. To complete the operating system, Torvalds and other team members made use of system components developed by members of the Free Software Foundation for the GNU Project.
Unlike Windows and other proprietary systems, Linux is publicly open and extendible by contributors. Because it conforms to the Portable Operating System Interface standard user and programming interfaces, developers can write programs that can be ported to other operating systems. Linux comes in versions for all the major microprocessor platforms including the Intel, PowerPC, Sparc, and Alpha platforms. It's also available on IBM's S/390.
SOLDIERX officially supports GNU Debian Linux. Please see http://www.debian.org for more information.
It's all in personal preference. SOLDIERX officially supports GNU Debian Linux. Please see http://www.debian.org for more information.
There is a good guide on choosing a distribution located at http://www.desktoplinux.com/articles/AT3269115798.html
If you are looking to learn Linux, Amp suggests trying out a Live CD distro. He personally recommends Kubuntu (The KDE derivative of Ubuntu) to newer users who are looking for something to use to learn the basics of operating within a Linux environment.
IRC stands for "Internet Relay Chat". It was originally written by Jarkko Oikarinen in 1988. Since starting in Finland, it has been used in over 60 countries around the world. IRC is a multi-user chat system, where people meet on "channels" (rooms, virtual places, usually with a certain topic of conversation) to talk in groups, or privately. There is no restriction to the number of people that can participate in a given discussion, or the number of channels that can be formed on IRC. To join an IRC discussion, you need an IRC client and Internet access.
Some IRC Clients:
mIRC - popular Windows graphical client
XChat - popular Linux/Windows graphical client
XChat Aqua - popular Mac OS X port of XChat
BitchX - popular terminal based client for Unix-like operating systems
Irssi - popular terminal based client originally for Linux but now for Windows also
Wargames are computers set up for you or a team to hack (legally). Mainly these games are played to learn more about system penetration and how to prevent those penetrations.
Wargame Links:
http://hax.tor.hu/welcome/
http://www.zeroidentity.org/
http://www.hackerslab.org/
http://www.overthewire.org/
http://www.mod-x.co.uk/
http://www.hackthissite.org/
http://www.rootthisbox.org/
http://www.hellboundhackers.org/
http://hackergames.net/
http://www.honeynet.org/
http://www.trythis0ne.com/
http://intruded.net/
http://chumley.biz/
http://smashthestack.org/
http://www.blind-dice.com/
http://www.net-force.nl/
http://www.bright-shadows.net/
http://www.dareyourmind.net/
http://www.fatetek.net/
http://www.hackits.de/
http://www.hackquest.de/
http://www.rankk.org/
http://fifthcrack.com/
A back door is a means of access to a computer program that bypasses security mechanisms. A programmer may sometimes install a back door so that the program can be accessed for troubleshooting or other purposes. However, attackers often use back doors that they detect or install themselves, as part of an exploit. In some cases, a worm is designed to take advantage of a back door created by an earlier attack. For example, Nimda gained entrance through a back door left by Code Red.
It is important to take note that backdoors are not always simple to get into. Many attackers create backdoors that are much more difficult to access than the normal methods of accessing the system. This is to protect the backdoor from other attackers as well as preventing detection of the backdoor.
root is the highest form of access you can get on a Unix-like operating system such as Linux. "root" is the name of the user who can control everything on the entire computer. We call this the "super user."
A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the concerted efforts of a person or persons to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely. Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even root nameservers.
One common method of attack involves saturating the target (victim) machine with external communications requests, such that it cannot respond to legitimate traffic, or responds so slowly as to be rendered effectively unavailable. In general terms, DoS attacks are implemented by either forcing the targeted computer(s) to reset, or consuming its resources so that it can no longer provide its intended service or obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately.
DoS is a single machine/attack while DDoS involves a large number of machines (usually a botnet) attacking.
Some DoS attacks:
ICMP Flood
Tear Drop
Ping of Death
Smurf Attack.
An exploit is a piece of software, a chunk of data, or sequence of commands that take advantage of a bug, glitch or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software, hardware, or something electronic (usually computerized). This frequently includes such things as violently gaining control of a computer system or allowing privilege escalation or a denial of service attack.
Many exploits are designed to provide superuser-level access to a computer system. However, it is also possible to use several exploits, first to gain low-level access, then to escalate privileges repeatedly until one reaches root.
Normally a single exploit can only take advantage of a specific software vulnerability. Often, when an exploit is published, the vulnerability is fixed through a patch and the exploit becomes obsolete for newer versions of the software. This is the reason why some blackhat hackers do not publish their exploits but keep them private to themselves or other malicious crackers. Such exploits are referred to as 'zero day exploits' or '0day exploits' and to obtain access to such exploits is the primary desire of malicious attackers.
There are automated exploitation systems such as CANVAS and Metasploit that include many exploits, an automated exploitation system, and a exploit development framework to malicious attackers/penetration testers/security professionals.
We officially endorse http://tunnelr.com as we know the main creator.
They wipe logs every 24 hours, they offer ssh/openvpn, and they sponsor SX. What more could you ask for?
Yes, one of the members of our group created a group at https://www.facebook.com/soldierxDOTcom