Wargame 1 WhiteHats VS Blackhats Date TBC
  • Xin
    Posts: 3,251
    Planning thread for the 1st wargame, White vs Black is the name/theme.
    Help me with the rules and stuff like that.
    Format:
    - Up to 5 Players Per team
    - Hamachi network
    - Two identical OS's running a range of vulnerable scripts they must exploit for points

    Rules:

    Xinapses Vulns
    - Website with LFI vuln, leading to /etc/passwd to be read
    - With this they can log in to SSH with one of the users who has an empty/weak password
    - He is then met with a stack-based buffer overflow C file which he can exploit to get root access/backconnect whatever his shellcode wants.

    Chronics Vulns

    Semtex's Vulns
  • Xin said:

    Planning thread for the 1st wargame, White vs Black is the name/theme.
    Help me with the rules and stuff like that.
    Format:
    - Up to 5 Players Per team
    - Hamachi network
    - Two identical OS's running a range of vulnerable scripts they must exploit for points

    Rules:

    Xinapses Vulns
    - Website with LFI vuln, leading to /etc/passwd to be read
    - With this they can log in to SSH with one of the users who has an empty/weak password
    - He is then met with a stack-based buffer overflow C file which he can exploit to get root access/backconnect whatever his shellcode wants.

    Chronics Vulns

    Semtex's Vulns



    Still thinking about my vulns. Maybe I'll whip up a vulnerable C program that provides root access.
    EDIT:
    Alright, got a bit of a vuln for ya. It's a basic cmdline password program.

    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>

    /* Returns 1 if the password matches, 0 otherwise. */
    int authcheck(char *password){
        int auth = 0;
        char pass_buff[25];
        /* Intentionally vulnerable: strcpy copies without checking the 25-byte limit */
        strcpy(pass_buff, password);
        if(strcmp(pass_buff, "iexploit1") == 0)
        {
            auth = 1;
        }

        return auth;
    }

    int main(int argc, char *argv[]) {
        if(argc < 2)
        {
            printf("Usage: %s <password>\n", argv[0]);
            return 0;
        }
        if(authcheck(argv[1]))
        {
            printf("Password accepted\n");
        }
        else
        {
            printf("No access\n");
        }
        return 0;
    }

    It's vuln because of the strcpy in the function authcheck(). The user can exploit it and gain root privs using proper shellcode and such.
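
For comparison with the posted program, here is a hardened form of the same check, added as an example and not part of the original post. The names `authcheck_safe` and `bounded_len` are hypothetical; the full-buffer comparison goes one step beyond fixing the strcpy and is an addition of this example.

```c
#include <stdio.h>
#include <string.h>

#define PASS_BUF_LEN 25   /* same size as pass_buff in the posted program */

/* Expected password from the posted program, zero-padded to the buffer size. */
static const char expected[PASS_BUF_LEN] = "iexploit1";

/* Hypothetical helper: length of s, scanning at most max bytes. */
static size_t bounded_len(const char *s, size_t max) {
    size_t n = 0;
    while (n < max && s[n] != '\0')
        n++;
    return n;
}

/* Returns 1 on match, 0 on mismatch, -1 if the input is NULL or too long. */
int authcheck_safe(const char *password) {
    char pass_buff[PASS_BUF_LEN] = {0};
    unsigned char diff = 0;
    size_t len, i;

    if (password == NULL)
        return -1;
    len = bounded_len(password, PASS_BUF_LEN);
    if (len >= PASS_BUF_LEN)          /* no room for the terminator: reject */
        return -1;
    memcpy(pass_buff, password, len); /* len <= 24, buffer stays NUL-terminated */

    /* Compare the whole padded buffer so timing does not depend on the
       position of the first differing byte. */
    for (i = 0; i < PASS_BUF_LEN; i++)
        diff |= (unsigned char)(pass_buff[i] ^ expected[i]);
    return diff == 0;
}

int main(int argc, char *argv[]) {
    if (argc < 2) {
        printf("Usage: %s <password>\n", argv[0]);
        return 0;
    }
    if (authcheck_safe(argv[1]) == 1)
        printf("Password accepted\n");
    else
        printf("No access\n");
    return 0;
}
```

Oversized input is rejected before any copy happens, so nothing is ever written past `pass_buff` and the adjacent stack data stays intact.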