Project for when...
  • m0rph
    Posts: 332
    ...this situation in Japan starts to slow down. I will be doing a series on exploits. Covering a wide area of topics such as, what the code in exploits does (more of a lecture), how vulnerabilities can be discovered, and I will finish the series up by doing a walkthrough/tutorial on completing a level of the IO wargame on smashthestack.org.

    I've got this saved in a text document on my desktop so I won't forget.


    Thoughts? Comments? Concerns? Also, what format would you guys prefer to see these in (video, text, video w/ mic, other)? I need this info now so I can start building outlines, and finding references.

    Also, for video tutorials, can anyone recommend any video editing software? Movie Maker fails so hard.

    [Update 26MAR2011] I will be cranking out Part 1 by Monday night.
    [Update 28MAR2011] I just recreated my setup for the video, I will hopefully have part 1 completed in a couple of hours.
    [Update 29MAR2011] A link for a download of Part 1 is available on the Part 1 tutorial.
    [Update 30MAR2011] I've removed "calc.exe tests" from Part 2. Also, I have begun making the outline for Part 2 and a video should be up by the end of this coming weekend.
    [Update 02APR2011] Part 2 is most likely going to be in two separate videos, as I am almost done with the outline, and there is a huge amount of information. I will try getting the 1st part of Part 2 up by the end of the weekend (Japan Standard Time)
    [Update 04APR2011] The 1st segment of part 2 has been released. The 2nd segment of part 2 will feature some live demos for better understanding of shellcode (bind, and reverse shells).
    [Update 28APR2011] Sorry about the wait, shit has gotten crazy at work. Just now seeing the complete aftermath of the earthquakes. This should be the last crazy week for a while, so I will for sure get the 2nd segment of Part 2 up, as well as Part 3 before the end of the weekend.
    [Update 04MAY2011] Part 2 is finished entirely now, just check the General Security Discussions/Tutorials directory. I plan on having Part 3 up by Thursday night (JST).
    [Update 04MAY2011] Part 3 will be up at the end of the weekend (Sunday, JST). Expect a great tutorial on fuzzing! :D
    [Update 08MAY2011] Part 3 is done! Part 4 will be started at some point this week...I don't have a release date yet, as I'm about half-way through PWB and I'd like to focus more on that. But when it's finished, it will be epic! Although, I fear the build-up to part 5 will be better than part 5...anyway, later.
    [Update 23MAY2011] I have uploaded all of my tutorial posts with a download link for all 3 parts released so far. Take note though, all of them are in .wmv format. Convert as needed.
    [Update 31MAY2011] Part 4 is on youtube. Download to come in a couple of days.
    while( !(succeed = try() ) );
  • Sh3llc0d3
    Posts: 1,910
    Videos w/ mic :) This would be amazing if you can get it done m0rph :). Very eager to see this!
  • m0rph
    Posts: 332
    said:


    Videos w/ mic :) This would be amazing if you can get it done m0rph :). Very eager to see this!


    I'm going to use this post to keep everyone updated on my progress with the series. I just finished my outline:

    Part 1: How exploits work
    -Coding practices
    -Defining functions of interest
    -Shellcode
    -Common templates for exploits
    Part 2: A little more on Shellcode
    -How shellcode is executed on the stack
    -Bind/Reverse shells
    -Privilege Escalation
    Part 3: Fuzzing
    -Types of fuzzers (local/network)
    -How to know if a fuzzer was successful
    -Determining Buffer Size through fuzzing
    Part 4: Reversing
    -Touch on how the stack works
    -Differentiating Functions/Subroutines
    -Further disassembling functions
    -Finding return addresses
    Part 5: Proof of Concept
    -Fuzz our target
    -Reverse engineer our target to find holes
    -Exploit
    while( !(succeed = try() ) );
  • Sh3llc0d3
    Posts: 1,910
    Looks great, can't wait to see :)
  • chroniccommand
    Posts: 1,389
    Is it going to be focused more on windows exploitation or *NIX exploitation?
  • Xin
    Posts: 3,251
    Looks good, thanks m0rph :) can't wait
    Xin
  • m0rph
    Posts: 332
    said:


    Is it going to be focused more on windows exploitation or *NIX exploitation?

    a little of both...part 5 will be all *nix though, via putty
    while( !(succeed = try() ) );
  • chroniccommand
    Posts: 1,389
    said:


    said:


    Is it going to be focused more on windows exploitation or *NIX exploitation?

    a little of both...part 5 will be all *nix though, via putty




    Sweet. I'm not into windows exploitation that much :P
  • m0rph
    Posts: 332
    Ladies and Gentlemen! The moment of truth is upon us! Within the hour, Part 1 will be uploaded! (possibly for download), but definitely for youtube!
    while( !(succeed = try() ) );
  • Sh3llc0d3
    Posts: 1,910
    Nice one m0rph, can't wait to download and go through the series. I'll watch the video on youtube in a bit :)
  • m0rph
    Posts: 332
    new updates if you haven't been following
    while( !(succeed = try() ) );