Browsed by
Category: Nebula

Nebula challenges from https://exploit-exercises.com/

Nebula Level19: A Newbie’s Approach

Nebula Level19: A Newbie’s Approach

We reached the last challenge of Nebula exercises, level19. This challenge deals with the basic way on how processes work on Linux systems.   What you’ll need to know… Processes on Unix   Level19 Looking at the code on the main page of level19, we quickly see something interesting, the execution of a shell. The problem is the shell will only run if the user root started the program flag19. If we were root and ran the program, we would…

Read More Read More

Nebula Level18: A Newbie’s Approach

Nebula Level18: A Newbie’s Approach

On the present challenge, level18, there are three ways of exploiting the program. I’m going to take the easiest one   What you’ll need to know… –rcfile option   Level18 After analyzing the code presented, I was able to identify one vulnerability on login function. In this function, the program tries to open the password file, present in /home/flag18. If you can open it, you’ll have a file pointer to the password file, but if it can’t, it’ll log you…

Read More Read More

Nebula Level17: A Newbie’s Approach

Nebula Level17: A Newbie’s Approach

On level17 we have a python script listening on port 10007. In order to solve this challenge we’ll have to connect to this port and provide some input.   What you’ll need to know… Python   Level17 Looking at the code, we can identify one module, known to be vulnerable. On top of that, it accepts input from the user, so it’s probably a good place to start testing. Before we actually start doing something, take a look at the…

Read More Read More

Nebula Level16: A Newbie’s Approach

Nebula Level16: A Newbie’s Approach

Just like level07, level16 has a Perl script that we need to analyze and has also a vulnerability as expected: input not sanitized. Let’s exploit it.   What you’ll need to know… Perl   Level16 As stated in the main page of this challenge, level16 has a script running on port 1616. We can see that the script is composed by two subroutines, login and htmlz. Also, it’s possible to understand from this script that the username will be converted…

Read More Read More

Nebula Level15: A Newbie’s Approach

Nebula Level15: A Newbie’s Approach

Until now, level15 was the challenge that took me more time to solve. I was really stuck, because there was a lot of subjects new for me and it took me a little bit to get comfortablewith them. Level15 is the next level of level13 challenge. Now, I’m ready to write about this exercise, so let’s dig in.   What you’ll need to know… C language   Level15 When we strace the flag15, as suggested in the main page of…

Read More Read More

Nebula Level14: A Newbie’s Approach

Nebula Level14: A Newbie’s Approach

Level14 is a simple challenge, which is why I’ll solve it quickly. You will need knowledge in one programming language if you want to solve this without too much hard work. If not, you can solve it only consulting an ASCII table.   What you’ll need to know… Some programming language   Level14 In level14, we have a simple program that encrypts input. We run flag14 with the option -e and the program will wait for input. After you provide…

Read More Read More

Nebula Level13: A Newbie’s Approach

Nebula Level13: A Newbie’s Approach

I sure miss radare2, it’s a fact! So, when I looked at the level13 code and realized that it hidden some token, radare2 was the first thing that came to my mind. But being honest, this will most likely be a trivial task using radare2, and I’m most interested in learning something new, getting out of my comfort zone. So I went to check what others did and I found something new and fun.   What you’ll need to know……

Read More Read More

Nebula Level12: A Newbie’s Approach

Nebula Level12: A Newbie’s Approach

Level12 shows again the problem of input sanitization, demonstrated on one small Lua program. As usual, let’s try to obtain a shell under flag12 account.   What you’ll need to know… Lua programming language   Level12 First time using Lua, here. I knew about this programming language, but never had the opportunity to try it, although, it was (is 🙂 ) on my TODO list. So, we have a small program listening on port 50001. When you connect to it,…

Read More Read More

Nebula Level11: A Newbie’s Approach

Nebula Level11: A Newbie’s Approach

Level11 is once more a good challenge to understand the importance of careful designing of SUID programs and the sanitization of all the input, either if it comes from an user or some other source.   What you’ll need to know… C Level 7 (So you can create your own SUID program)   Level11 Before we go through this challenge, let me make an aside note. After facing some problems, I decided to google about this challenge, where I ended…

Read More Read More

Nebula Level10: A Newbie’s Approach

Nebula Level10: A Newbie’s Approach

Level10 introduces the Time-of-check Time-of-use (TOCTOU) vulnerability, well described in the CWE website.   What you’ll need to know… C   Level10 I’ll quickly explain the TOCTOU vulnerability using a simple example. Consider the following lines of code. if(!access(abc_file, W_OK)){   fp = fopen(abc_file, “w+”);   write(fp, “moveax”, sizeof(“moveax”)); } else{   fprintf(stderr, “Sorry, but you don’t have permissions to write to this file!\n”); } It’s a simple piece of code, it checks if you have access to the file…

Read More Read More