Thursday, December 1, 2011

Home exploit-exercises hacking linux Nebula suid wargames Exploit Exercises - Nebula 00

Exploit Exercises - Nebula 00

, , , , ,
Recently, I've been getting more and more back into computer security, one of my favorite topics.  Part of this is research, and part is more practical, such as wargames or labs.  One newer wargame that I've been playing is called "Nebula", from the guys over at Exploit-Exercises.  If you're interested in security, please check out their site, as well as many other wargames.  If this goes successfully, perhaps I'll start going through my notes of other wargames, publishing them as well.

For level 00, it's fairly introductory. You're supposed to find a SUID program, that you can run as the "flag00" user.  I read a little on the find manual, since I don't use the more advanced features often, and came up with this:

level00@nebula:~$ find / -executable -user flag00 2> /dev/null
/home/flag00
/bin/.../flag00

This find command, should show all files that are executable and owned by the user "flag00".  The "2> /dev/null" is just to redirect the standard error output to null, so I don't see all the "Permission Denied" errors.  
It looks like it found the flag00 user's home folder, as well as an executable hidden in /bin/.../.  I then executed it, which granted me access to the flag00 user.  From there, I ran the "getflag" command, which I don't think actually does anything on this VM, but oh well.

level00@nebula:~$ /bin/.../flag00
Congrats, now run getflag to get your flag!
flag00@nebula:~$ getflag
You have successfully executed getflag on a target account

There you have it, the first level down. It was trivial, but still a good learning experience.
Labels:
Author Image

Author: Unknown
Waythemes is a blogger resources site is a provider of high quality blogger template with premium looking layout and robust design

Follow The Author
Posted by at
Labels: , , , , ,

No comments:

Post a Comment

Popular

  • Using .net to bypass AV
    Using .net to bypass AV
    I've read a ton of articles on bypassing Antivirus software when trying to run shellcode on machines. There's just a ton available....
  • Buffer Overflow in HexChat 2.9.4
    Buffer Overflow in HexChat 2.9.4
    A buddy of mine, Mulitia , and I were talking about 0-days, and he mentioned finding one in Hex-Chat, a popular IRC client. It was super low...
  • Exploit Exercises - Nebula 01
    Continuing from my previous post, I started tinkering with the next Nebula wargame: Nebula 01 .  This one gives you some C code, which has ...
  • Sysax 5.64 HTTP Remote Buffer Overflow
    Sysax 5.64 HTTP Remote Buffer Overflow
    I have discovered a bug in the Sysax Multi-Server application .  More specifically, it's in the HTTP File Server service, which is not e...
  • Exploit Exercises - Protostar Stack 5
    Wow, this challenge was a tough one for me. I ran into some huge problems that I had to work out. Considering this is a "standard buf...
  • PWB Conclusions and the Future
    PWB Conclusions and the Future
    The results As I posted previously , I was taking the PWB course from Offensive Security . I am happy to report that I passed with ...
  • Exploit Exercises - Nebula 02
    In this challenge, we're again provided with the source code to the vulnerable program. Only this time, they're not loading the ...
  • Sysax Multi Server 6.10 SSH DoS
    Sysax Multi Server 6.10 SSH DoS
    I was recently fuzzing a bunch of SSH servers, hoping to find some remote code execution in a non-mainstream server. I ended up finding no c...
  • OverTheWire Natas Level 5
    OverTheWire Natas Level 5
    Now that we're about 1/3 through to the end of the OverTheWire Natas wargame, I'm hoping that they start to get a little more trick...
  • Origin of the name "Pentium"
    I was reading about x86 assembly, and stumbled upon the origin of the name "Pentium". I never knew it was due to course disallowi...

Recent

Comments