So going forward to the Nebula 05, we now have to find some sort of weak permissions somewhere to escalate from level05 to flag05. In searching through the flag05 home directory, I saw a “.backup” folder containing a copy of the user’s old ssh keys. I extracted the archive to the …

I really like Nebula 04, because it is really easy, but still a commonly missed thing in programming. The object of this challenge is to find a vulnerability and exploit this C++ program. #include <stdlib.h> #include <unistd.h> #include <string.h> #include <sys/types.h> …

In this challenge, we can see that there’s no code for us to exploit, it’s something in the system. I log in to the system, and look in the /home/flag03 folder, as all the other challenges have started. I see there’s a writable.sh script, which I was guessing was the script getting …

In this challenge, we’re again provided with the source code to the vulnerable program. Only this time, they’re not loading the “echo” program from the environment’s path. #include <stdlib.h> #include <unistd.h> #include <string.h> #include …

Continuing from my previous post, I started tinkering with the next Nebula wargame: Nebula 01. This one gives you some C code, which has a bug in it. You have to exploit that bug. #include <stdlib.h> #include <stdlib.h> #include <unistd.h> #include <string.h> #include …

Recently, I’ve been getting more and more back into computer security, one of my favorite topics. Part of this is research, and part is more practical, such as wargames or labs. One newer wargame that I’ve been playing is called “Nebula”, from the guys over at …