Posts

Showing posts from 2019

Nebula Level01

Level01

Task

There is a vulnerability in the below programs to be executed, can you find it? To do this level, log in as the level01 account with password level01. Files for this level can be found in /home/flag01.

Source code (level1.c)

    #include <stdlib.h>
    #include <unistd.h>
    #include <string.h>
    #include <sys/types.h>
    #include <stdio.h>

    int main(int argc, char **argv, char **envp)
    {
      gid_t gid;
      uid_t uid;

      /* Read the effective group and user IDs of the process. */
      gid = getegid();
      uid = geteuid();

      /* Set the real, effective and saved IDs to those values. */
      setresgid(gid, gid, gid);
      setresuid(uid, uid, uid);

      /* Run echo through /usr/bin/env. */
      system("/usr/bin/env echo and now what?");
    }

Solution

We log in to the machine:

    ssh level01@192.168.195.5

From the given task, files are in the "flag01" home:

    level01@nebula:~$ cd /home/flag01
    level01@nebula:/home/flag01$ ls
    flag01
    level01@nebula:/ho

Nebula Level00

Level00

Task

This level requires you to find a Set User ID program that will run as the "flag00" account. You could also find this by carefully looking in the top-level directories in / for suspicious looking directories. Alternatively, look at the find man page. To access this level, log in as level00 with password level00.

Solution

For this level, we have been provided with a username and password to log in to the nebula machine, which for my current setup has an address of 192.168.195.10, so we can easily ssh into the machine.

    ssh level00@192.168.195.5

So, what is expected of us is to find a Set User ID program. But what is a Set User ID program? In simplest terms, a Set User ID program is a Linux program that has the setuid flag set. So what is a setuid flag? A setuid flag is a Linux file permission flag which, when set, allows users to run an executable file with the permissions of the file's owner. Why is finding a setuid program important in a privilege esc

Nebula VM Intro...

I was preparing for class when I recalled that it has been weeks since my first post. Then I thought to myself it's probably because of school, but I remembered something I read in Phineas Fisher's paper, "if not you, who? if not now, when?", and hence this post. The truth is that during the past weeks I have gathered a lot of content for the blog; I just haven't had the time to properly document and post it. So, after a lot of thought, I have decided to start with a walkthrough of the Nebula VM. There are already a lot of walkthroughs of this machine on the internet, but I thought one extra post won't hurt. Moreover, my aim is to make my posts different from most technical posts I have seen online. How do I plan to do this? Most posts I come across on the internet show how to do something, not why, and I think that approach most of the time leaves a beginner confused. Therefore, what I intend to do on this blog is to show the reader why we do what we do. Disclaimer: All con

Before You Dive In...

I have always wanted to write, partly to improve my writing skills but also to document my research in reverse code engineering, software exploitation and computer programming in general. My current goal is to have at least a post a week, but since I am just starting out I do not know how feasible that will be, considering school and my need for quality over quantity. In the coming weeks, I will post on varying topics, from software reverse engineering to exploitation and basically anything that interests me. My primary aim is just to cement my knowledge in my fields of interest by giving back to the community as I learn, and hopefully along the way help someone trying to learn. A quick disclaimer, though, is that I am no professional at either writing or the subject on which I will be writing (at least for now). I am just trying to navigate through the vast ocean of knowledge, hoping to pick up one or two things along the way, so corrections, constructive criticism, and even unconstructive ones