

What do you want to learn about?
RE: What do you want to learn about? #11
(10-15-2016, 09:12 PM)pvnk Wrote: I want to learn about exploiting bootrom vulnerabilities on older iDevices.

This. This has been my greatest wonder since I first touched an iPhone. I've looked into it, although it would be awesome to see something from you on this. So I second this idea.
You can find me on Keybase
"Reach the state of ubiquity, and you will be in control"
Student, Technician, Designer, and more.

RE: What do you want to learn about? #12
(11-08-2016, 04:19 AM)zorrophreak Wrote:
(10-15-2016, 09:12 PM)pvnk Wrote: I want to learn about exploiting bootrom vulnerabilities on older iDevices.

This. This has been my greatest wonder since I first touched an iPhone. I've looked into it, although it would be awesome to see something from you on this. So I second this idea.

Apologies for what looks like a gravedig, but I never did get an answer to my question:


(10-15-2016, 09:48 PM)phyrrus9 Wrote: Now that's an interesting one. Do you have any specific family or exploit in mind or were you hoping to find your own?


I would be happy to go over exploits like the 0x24000 segment overflow or pwnage, but it will take a large attention span from you guys to go over SHA-1 segment overflow and limera1n. On another note, if you guys have older gen devices then I can run you through a "simulation" crash course where we discover, triage, probe, and exploit one of the existing bootrom exploits.


RE: What do you want to learn about? #13
(11-08-2016, 05:14 PM)phyrrus9 Wrote:
Spoiler:
(11-08-2016, 04:19 AM)zorrophreak Wrote:
(10-15-2016, 09:12 PM)pvnk Wrote: I want to learn about exploiting bootrom vulnerabilities on older iDevices.

This. This has been my greatest wonder since I first touched an iPhone. I've looked into it, although it would be awesome to see something from you on this. So I second this idea.

Apologies for what looks like a gravedig, but I never did get an answer to my question:


(10-15-2016, 09:48 PM)phyrrus9 Wrote: Now that's an interesting one. Do you have any specific family or exploit in mind or were you hoping to find your own?
I would be happy to go over exploits like the 0x24000 segment overflow or pwnage, but it will take a large attention span from you guys to go over SHA-1 segment overflow and limera1n. On another note, if you guys have older gen devices then I can run you through a "simulation" crash course where we discover, triage, probe, and exploit one of the existing bootrom exploits.

Not the one who suggested this initially, hence why I didn't answer the question, just expressed continued interest. Your simulation crash course seems interesting/appealing as I have an old iPad 1st Generation and an iPod2G (MC model.) Although the ideas mentioned before seem appealing too. If you think SHA-1 Segment Overflow or limera1n (what was the last device susceptible to SHA-1 SO btw...?) is too much work/too confusing/etc..., then learning and diving into 0x24000 or pwnage would be cool.

Also, might I ask, pwnage 1 or 2?
You can find me on Keybase
"Reach the state of ubiquity, and you will be in control"
Student, Technician, Designer, and more.

RE: What do you want to learn about? #14
Browser exploitation through Flash (and other Adobe extensions) would be nice.
(This post was last modified: 11-11-2016, 02:18 AM by meow. Edit Reason: added some text )

[+] 1 user Likes meow's post

RE: What do you want to learn about? #15
How about ssh exploitation --> Maybe learn how to build a bot to sniff ports for servers.

[+] 1 user Likes d0ntjump's post

RE: What do you want to learn about? #16
(11-11-2016, 02:08 AM)zorrophreak Wrote:
(11-08-2016, 05:14 PM)phyrrus9 Wrote:
Spoiler:
(11-08-2016, 04:19 AM)zorrophreak Wrote: This. This has been my greatest wonder since I first touched an iPhone. I've looked into it, although it would be awesome to see something from you on this. So I second this idea.

Apologies for what looks like a gravedig, but I never did get an answer to my question:


(10-15-2016, 09:48 PM)phyrrus9 Wrote: Now that's an interesting one. Do you have any specific family or exploit in mind or were you hoping to find your own?
I would be happy to go over exploits like the 0x24000 segment overflow or pwnage, but it will take a large attention span from you guys to go over SHA-1 segment overflow and limera1n. On another note, if you guys have older gen devices then I can run you through a "simulation" crash course where we discover, triage, probe, and exploit one of the existing bootrom exploits.

Not the one who suggested this initially, hence why I didn't answer the question, just expressed continued interest. Your simulation crash course seems interesting/appealing as I have an old iPad 1st Generation and an iPod2G (MC model.) Although the ideas mentioned before seem appealing too. If you think SHA-1 Segment Overflow or limera1n (what was the last device susceptible to SHA-1 SO btw...?) is too much work/too confusing/etc..., then learning and diving into 0x24000 or pwnage would be cool.

Also, might I ask, pwnage 1 or 2?

SHA-1 and limera1n are different exploits. All of limera1n was fixed at the launch of the 4S, however only most of SHA was fixed then as well, the remainder fixed with the 6.


(11-11-2016, 03:54 AM)d0ntjump Wrote: How about ssh exploitation --> Maybe learn how to build a bot to sniff ports for servers.

Writing a bot to detect ports is fairly easy, and I would be happy to do that. Actually exploiting bugs in the SSH backend isn't anything I've had experience with but I would be willing to go over the general theory and process behind doing such a thing.


RE: What do you want to learn about? #17
(11-13-2016, 04:58 AM)phyrrus9 Wrote:
(11-11-2016, 02:08 AM)zorrophreak Wrote:
(11-08-2016, 05:14 PM)phyrrus9 Wrote:
Spoiler:
Apologies for what looks like a gravedig, but I never did get an answer to my question:


I would be happy to go over exploits like the 0x24000 segment overflow or pwnage, but it will take a large attention span from you guys to go over SHA-1 segment overflow and limera1n. On another note, if you guys have older gen devices then I can run you through a "simulation" crash course where we discover, triage, probe, and exploit one of the existing bootrom exploits.

Not the one who suggested this initially, hence why I didn't answer the question, just expressed continued interest. Your simulation crash course seems interesting/appealing as I have an old iPad 1st Generation and an iPod2G (MC model.) Although the ideas mentioned before seem appealing too. If you think SHA-1 Segment Overflow or limera1n (what was the last device susceptible to SHA-1 SO btw...?) is too much work/too confusing/etc..., then learning and diving into 0x24000 or pwnage would be cool.

Also, might I ask, pwnage 1 or 2?

SHA-1 and limera1n are different exploits. All of limera1n was fixed at the launch of the 4S, however only most of SHA was fixed then as well, the remainder fixed with the 6.


(11-11-2016, 03:54 AM)d0ntjump Wrote: How about ssh exploitation --> Maybe learn how to build a bot to sniff ports for servers.

Writing a bot to detect ports is fairly easy, and I would be happy to do that. Actually exploiting bugs in the SSH backend isn't anything I've had experience with but I would be willing to go over the general theory and process behind doing such a thing.

Awesome! I'm all ears... Looking forward to a tutorial.

RE: What do you want to learn about? #18
(10-15-2016, 06:10 PM)Slacker Wrote: Both. I want to be able to gain access get the db root it (I think it's called lol) and deface

Then learn a server-side scripting language (PHP), and also SQL to query databases, and thereby perform all sorts of actions, for example modify, update, or delete data from the database.

Both languages are quite easy to learn.

RE: What do you want to learn about? #19
Excellent, I'll look into it. Didn't disappear like y'all thought I did, huh lol


RE: What do you want to learn about? #20
(11-07-2016, 08:29 PM)millionandbell Wrote: I would like to learn about server administration, implementing a server and maintaining one, this thread is too good of a thread to let die so if this is considered gravedigging I apologize

I could probably teach you on that one, I mean that's a part of my classes. We usually spend our time in VMWare setting up Server 2012 and client computers.
Certified Degenerate

[+] 1 user Likes Korvus's post