iExploit

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Apply for Membership

Top Posters

Who's Online (2)

Powered by Vanilla. Made with Bootstrap.
Looking to introduce yourself? Look no further, and click here! We also have IRC! [irc.evilzone.org #iexploit]
Wargames Rules
  • Xin
    Posts: 3,251
    Check this out

    http://p6drad-teel.net/~windo/wargame/?page=rules
    Xin
  • chroniccommand
    Posts: 1,389
    K? And? Are we gonna be using these rules for a competition or something?
  • Sh3llc0d3
    Posts: 1,910
    I definitely think we should do something similar. Team game would be good, just a case of organisation etc.
  • chroniccommand
    Posts: 1,389
    said:


    I definitely think we should do something similar. Team game would be good, just a case of organisation etc.



    Agreed. We could do something like this every month. Kinda like a CTF competition between two teams. Can admins/mods/dev's participate?
  • Xin
    Posts: 3,251
    Yeah we could all develop a vulnerability each, but we could say were not aloud to exploit the vulnerability we made to make it fair. But yeah i definately want to get this running every month and lets try get one up for this weekend
    Xin
  • Sh3llc0d3
    Posts: 1,910
    Sounds like a plan to me guys, would be good to make it competitive and get things going/encourage the members. Special signatures for the winners or something
  • chroniccommand
    Posts: 1,389
    said:


    Yeah we could all develop a vulnerability each, but we could say were not aloud to exploit the vulnerability we made to make it fair. But yeah i definately want to get this running every month and lets try get one up for this weekend



    Like we all develop a simple vulnerable C code so the user can exploit it?
    For example, a program that does math but is exploitable.
  • Xin
    Posts: 3,251
    said:


    said:


    Yeah we could all develop a vulnerability each, but we could say were not aloud to exploit the vulnerability we made to make it fair. But yeah i definately want to get this running every month and lets try get one up for this weekend



    Like we all develop a simple vulnerable C code so the user can exploit it?
    For example, a program that does math but is exploitable.


    We will need a preconfigured OS before this will work, as most basic overflows are patched on linux nowadays, you need to disable/enable some stack trace thing i cant remember though
    Xin
  • chroniccommand
    Posts: 1,389
    said:


    said:


    said:


    Yeah we could all develop a vulnerability each, but we could say were not aloud to exploit the vulnerability we made to make it fair. But yeah i definately want to get this running every month and lets try get one up for this weekend



    Like we all develop a simple vulnerable C code so the user can exploit it?
    For example, a program that does math but is exploitable.


    We will need a preconfigured OS before this will work, as most basic overflows are patched on linux nowadays, you need to disable/enable some stack trace thing i cant remember though

    You'd need to do some configuring such as disabling stack protection with gcc's -fno-stack-protector. You could also use a version of Linux that's vulnerable like the live disk that comes with Hacking: The art of exploitation.
  • Xin
    Posts: 3,251
    said:


    said:


    said:


    said:


    Yeah we could all develop a vulnerability each, but we could say were not aloud to exploit the vulnerability we made to make it fair. But yeah i definately want to get this running every month and lets try get one up for this weekend



    Like we all develop a simple vulnerable C code so the user can exploit it?
    For example, a program that does math but is exploitable.


    We will need a preconfigured OS before this will work, as most basic overflows are patched on linux nowadays, you need to disable/enable some stack trace thing i cant remember though

    You'd need to do some configuring such as disabling stack protection with gcc's -fno-stack-protector. You could also use a version of Linux that's vulnerable like the live disk that comes with Hacking: The art of exploitation.


    Yeah thats the thing, and yeah got that baby booted up right now :) im basing myn off some of their codes
    Xin
  • Sh3llc0d3
    Posts: 1,910
    As I don't know C and my C++ code is probably no where near up to scratch i'll try coming up with something in Perl. I'll give the script over and whoever's root can chmod 705 it to stop 'others' from CAT'in the source etc.
  • Xin
    Posts: 3,251
    said:


    As I don't know C and my C++ code is probably no where near up to scratch i'll try coming up with something in Perl. I'll give the script over and whoever's root can chmod 705 it to stop 'others' from CAT'in the source etc.



    Sounds good :)
    Xin
  • chroniccommand
    Posts: 1,389
    said:


    As I don't know C and my C++ code is probably no where near up to scratch i'll try coming up with something in Perl. I'll give the script over and whoever's root can chmod 705 it to stop 'others' from CAT'in the source etc.



    Sounds decent for simple challenges. You wouldn't be able to create a perl script thats vuln to something like a BoF, but you could set permissions and have a user get permissions to read the code. Similarly, I put a wargame in my wargame pack(I think its 7 or 8), where the user has to use gdb to list the source code where the pass is.
    EDIT:
    I'm not sure if theres any native debuggers for perl codes. I know for memory debugging you can use GDB, and for python there's PDB.
  • Sh3llc0d3
    Posts: 1,910
    Yeah i'm thinking of something like a back-connect file that whoever can use if they enter a correct password, or complete a task, something similar. Either that or a script that'll give them instant privs or access to something else like you said.
Add a Comment