Browsed by
Category: Nebula

Nebula challenges from https://exploit-exercises.com/

Nebula Level04: A Newbie’s Approach

Nebula Level04: A Newbie’s Approach

With level04 challenge we are supposed to exploit the weak permissions of flag04’s file. As always, my main objective is to get a shell under the flag04 account.   What you’ll need to know… Symbolic links Basic Unix commands   Level04 For this challenge, we have some code to analyze. By reading this code, it’s possible to understand that flag04 takes one argument by looking at the first if condition. From the analysis of the second condition, we can conclude…

Read More Read More

Nebula Level03: A Newbie’s Approach

Nebula Level03: A Newbie’s Approach

Level03 is no longer about SUID vulnerable programs like previous exercises, but about permissions. Because I just learn about SUID programs in the last challenges, I’ll create my own in order to solve this exercise. What you’ll need to know… Cron jobs C/Bash programming Basic Unix command   Level03 In this challenge, we are given the information that there is a cron running every couple minutes. If you navigate to flag03 folder, you’ll notice a file, writable.sh, which has some…

Read More Read More

Nebula Level02: A Newbie’s Approach

Nebula Level02: A Newbie’s Approach

I see level02 as a combination of the previous two exercises, level00 and level01. Let’s dig in and work through the solution.   What you’ll need to know… Basic Unix commands   Level02 First, we can see that flag02 program in the /home/flag02 directory has the SUID bit set, which means that this program will run under the flag02 user. By taking a quick look at the original code of flag02, it’s very easy to identify what is most likely…

Read More Read More

Nebula Level01: A Newbie’s Approach

Nebula Level01: A Newbie’s Approach

Still under the SUID programs category, level01 makes use of another trick in order to be solved, the manipulation of environment variables.   What you’ll need to know… Use ln command Environment Variables Other basic Unix commands   Level01 If we analyze the code of level01 program, one of the first things that I notice is the use of a C function, system, and although it doesn’t receive input from the user, it’s still exploitable. Time to run the flag01…

Read More Read More

Nebula Level00: A Newbie’s Approach

Nebula Level00: A Newbie’s Approach

Level00 falls in the category of SUID files which is something that I heard about but never had any practical experience. The goal here is to collect the flag through the getflag command.   What you’ll need to know… find command Other basic Unix commands   Level00 The instructions for level00 state that we need to find a SUID program which run as flag00 account. First things first. A Set User ID (SUID) program is a risky type of file…

Read More Read More