Hacking Challenges

I Got My Computer Back!

June 4th, 2009 by Patchy
It’s been several years,… but finally Patchy and his computer are reunited at last Download Here

Posted in News, Vblog | 9 Comments

Email Injection

June 2nd, 2009 by Patchy
Now that I finally got rid of WP-Forum, I can show you guys an Email Injection flaw that existed in that forum. An Email Injection flaw occur when a form is added to a web page that submits data to an email application, and user input is not filtered properly. A malicious user can exploit the MIME format to append additional information to the message being sent. This is possible because the MIME format uses a carriage return to delimit the information in a message. Adding carriage returns to submitted form data can allow an email application to be used to send thousands of messages at once. A spammer could exploit this to send large numbers of messages anonymously. Full Scale Video Here
Download Here

Posted in Vblog | No Comments

Infinity Exists Updates!!

June 2nd, 2009 by Patchy
Nox and I haven’t made any new Full Disclosure episodes in a while because we have been busy with school. However, we have made a few updates to the website. Infinity Exists now has a new forum! We finally got rid of the old shitty WP-Forum, and we are now using Simple:Press Forum. Also, I was able to transfer all the old threads and posts to the new forum. The new forum has several new features such as PMs, topic watching, RSS, Who’s online, and etc., so go check it out! Nox and I have decided that we could use a few moderators to help use manage the forums, and help us develop projects for Infinity Exists. Projects like creating an IRC server, and setting up hacking boxes. If you would like to become a moderator send an email to Another website update is the new Photo section. I have a lot of random pictures that I thought you guys might like, so I decided to put them on the website. Nox and I are now on summer break, so we will be releasing some new episodes soon! Download Here

Posted in News, Vblog | No Comments

Underground – Local File Inclusion

May 27th, 2009 by Patchy
Ground Zero’s Underground Video demonstrates how to use Local File Inclusion (LFI). LFI is an attack where a user is able manipulate the file that is include on a web page. An attacker can use LFI to view files on a web server, or in special cases, run arbitrary code on the web server. Ground Zero shows how to use LFI to create a PHP shell and gain full access to a website. Full Scale Video Here
Download Here

If you would like to submit a video to Infinity Exists Underground send an email describing your video to

Posted in Underground | No Comments

Underground – Windows Privilege Escalation

May 26th, 2009 by Patchy
In this Underground Video, Crash Overron explains a simple way to escalate privileges in Windows XP. A standard user in XP can use the “at” command to schedule a program to run at a specific time. That program will be executed with SYSTEM privileges. Crash uses the “at” command to open a command prompt, and then uses it to reopen Explorer with SYSTEM privileges. Full Scale Video Here
Download Here

If you would like to submit a video to Infinity Exists Underground send an email describing your video to

Posted in Underground | 4 Comments

Jerry Sanders Design Competition

April 7th, 2009 by Patchy
This year I became the UIUC IEEE branch IT Director and a few weeks ago, at the University of Illinois’ annual Engineering Open House, the UIUC IEEE branch and I competed in the AMD Jerry Sanders Design Competition (JSDC). JSDC is a robotics competition where teams design robots to complete specific tasks. This years competition was a large scale game of tic-tac-toe. Basically, each team had to create a robot that could pick up an air-filled balloon and place it in boxes which represented tie-tac-toe squares. The robots have to complete various objectives to obtain their teams balloons. The tasks included pushing a button, hitting a switch, opening a door, and pushing down a balanced titer-toter. Once a team places their balloon into a box, it would remain under the team’s control until another team takes control by placing their balloon into it. At the end of an eight or ten minute round points would be given to teams which controlled three boxes in a round. Furthermore, teams would be awarded points for unlocking their balloons and placing them into a box. The strategy used by the majority of teams was to place as many balloons into a single box instead of trying to obtain a tic-tac-toe. The competition was a single elimination tournament where four robots competed at a time. Your place in the bracket was decided by your standings after seven round robin matches. A total of sixteen different teams from a vary of different colleges competed in the JSDC, and the IEEE team placed third in the tournament!

A friend of mine and myself videotaped all of the rounds that we completed in. Check them out!


Demolition Round!! IEEE took 2nd!

Demolition Round
Round Robin – 1st Match
Round Robin – 2nd Matchonline casino
Round Robin – 3rd Match
Round Robin – 4th Match
Round Robin – 5th Match
Round Robin – 6th Match
Round Robin – 7th Match


Posted in Vblog | 1 Comment

Ping of Death

March 6th, 2009 by Patchy
I decided to do a video on the Ping of Death because a lot of people just starting out in hacking have heard of it, but don’t know exactly want it is. Also, they still believe it is a useful attack today. You can go on Youtube and watch tons of videos of kids making batch files that send pings with random payload sizes; however, this is horribly incorrect. The Ping of Death basically crashes a computer by sending a ping (aka ICMP ECHO request) with a packet greater than 65,535 bytes, and the reason this causes problems is because an IP packets can only be up to 65,535 bytes long. Packets that are bigger than the maximum size are fragmented into smaller packets, which are then reassembled by the receiver. Typically, machines don’t process the packet until all fragments have been received. When the machine tries to reassemble the packet it causes an overflow in internal variables, which can lead to a system crash. Some vulnerable operating systems are Windows 95, Windows NT, Windows 3.11, MSDOS, Mac OS 7, Solaris (x86) 2.4 & 2.5, and Linux versions <= 2.0.23. Modern Operating Systems are not vulnerable to the Ping of Death! Also, in this video I explain the popular Smurf Denial of Service Attack, and I rant about Windows 95. Full Scale Video Here
Download Here


Posted in Vblog | 5 Comments

Underground – Bluetooth Hacking

February 26th, 2009 by Patchy
In this Underground Video, Strome explains several bluetooth attacks used against mobile phones. He demonstrates the Bluebug attack which exploits a security loophole on cell phones allowing the attacker to take full control of the device. The Bluebug attack enables an attacker to initiate calls, read & send SMS messages, read & edit the phone book, and change settings. Furthermore, Strome shows another popular bluetooth attack called Bluesnarfing a.k.a. the OBEX Push Attack. Bluesnarfing allows an attacker to extract, create, and delete files on the mobile device.

Note: These bluetooth attacks only work on a hand full of cell phones. Full Scale Video Here
Download Here

If you would like to submit a video to Infinity Exists Underground send an email describing your video to

Posted in Underground | 22 Comments

Deep Freeze

January 23rd, 2009 by Patchy
Deep Freeze is a program for Windows that protects the core operating system files and configuration files without eliminating the usability for end users. Deep Freeze allows users to make virtual changes to the system, but upon reboot the frozen state of the operating system is restored. Deep Freeze is an great program; however, with poor security policies it can be foiled. In this video, I describe a few methods to circumvent Deep Freeze’s security. Full Scale Video Here
Download Here

Posted in Vblog | 7 Comments

Patchy’s Top 5 DOS Games

January 18th, 2009 by Patchy
Recently I repaired my first computer, an old 386 PC running MS-DOS 5.0, and when I booted the machine I found several of my favorite DOS games. In this vblog, I discuss my top 5 favorite DOS games from childhood. The games on my list had to meet a few requirements: it obviously had to be a DOS game and my 386 PC had to be able to run it. If you haven’t played these games most of them are available from Full Scale Video Here
Download Here

Posted in Vblog | 6 Comments

<< Previous Entries Next Entries >>