
    1. iOS URL Scheme Could Let App-in-the-Middle Attackers Hijack Your Accounts


      Security researchers have illustrated a new app-in-the-middle attack that could allow a malicious app installed on your iOS device to steal sensitive information from other apps by exploiting certain implementations of Custom URL Scheme.

      By default on Apple's iOS operating system, every app runs inside a sandbox of its own, which prevents all apps installed on the same device from accessing each other's data.

      However, Apple offers some methods that facilitate sending and receiving very limited data between applications.

      One such mechanism is called URL Scheme, also known as Deep Linking, that allows developers to let users launch their apps through URLs, like facetime://, whatsapp://, fb-messenger://.

      For example, when you click "Sign in with Facebook" within an e-commerce app, it directly launches the Facebook app installed on your device and automatically processes the authentication.

      In the background, that e-commerce app actually triggers the URL Scheme for the Facebook app (fb://) and passes some context information required to process your login.

      Researchers at Trend Micro noticed that since Apple does not explicitly define which app can use what keywords for their Custom URL Scheme, multiple apps on an iOS device can use a single URL Scheme, which eventually could trigger and pass sensitive data to a completely different app unexpectedly or maliciously.

       

      Quote

      "This vulnerability is particularly critical if the login process of app A is associated with app B," the researchers said.


      To demonstrate this, researchers illustrated an attack scenario, as shown in the image above, using an example of a Chinese retailer app "Suning" and its implementation of "Login with WeChat" feature, explaining how it is susceptible to hacking.

       

      ios-custom-url-scheme.png

      In short, when Suning app users choose to access their e-commerce account using WeChat, the app generates a login-request and sends it to the WeChat app installed on the same device using the iOS URL Scheme for the messaging app. The WeChat app then requests a secret login token from its server and sends it back to the Suning app for authentication.

      Researchers found that since Suning always uses the same login-request query to request the secret token and WeChat does not authenticate the source of the login request, the implementation is vulnerable to the app-in-the-middle attack via the iOS URL Scheme, eventually allowing attackers to gain unauthorized access to users' accounts.

       

      Quote

      "With the legitimate WeChat URL Scheme, a fake-WeChat can be crafted, and Suning will query the fake one for Login-Token. If the Suning app sends the query, then the fake app can capture its Login-Request URL Scheme.

       

      Quote

      "WeChat recognizes it, but it will not authenticate the source of the Login-Request. Instead, it will directly respond with a Login-Token to the source of the request. Unfortunately, the source could be a malicious app that is abusing the Suning URL scheme."


      That means, a malicious app with the same Custom URL Scheme as a targeted application can trick other apps into sharing users' sensitive data with it or can perform unauthorized actions, potentially resulting in the loss of privacy, bill fraud, or exposure to pop-up ads.
       

      Quote

      "In our research, plenty of apps that our system audited were found taking advantage of this feature to show ads to victims. Potentially malicious apps would intentionally claim the URL Scheme associated with popular apps: wechat://, line://, fb://, fb-messenger://, etc. We identified some of these malicious apps," the researchers said.


      Since the exploitability of this vulnerability depends entirely upon the way a URL Scheme has been implemented, app developers and popular platforms are advised to review their apps and validate the fix for untrusted requests.
