Challenge 10 is another nostalgic one for me. Back when I was first starting with linux, I remember reading about overflows and race conditions. This challenge is the latter, a race condition.

We’re given a C/C++ app to exploit:

#include <stdlib.h>
#include <unistd.h>
#include …

Challenge 09 gave me the most issues out of any other challenge so far. This may just be because I haven’t touched PHP since version 3 was just coming out. However, it is based on a dangerous function, known as preg_replace(). There are several more dangerous functions, some of which can be …

Challenge 08 is more of a real-world challenge than some of the others have been. It’s also very dear to my heart, getting back to my networking roots.

You are instructed simply to check out what the level08 user has been up to. This is fairly easy, since when you login as level08, you see …

This next challenge is a little bit more tricky than some of the previous ones. There’s a lot more code involved, but it’s not too bad.

In the flag07 home directory, you’ll find the configuration for a simple http server, thttpd.conf. Inside, you’ll find that it’s …

Nebula 06 is a retro challenge. The description of the problem says “The flag06 account credentials came from a legacy unix system.” This instantly made me think to check out the password file, /etc/passwd. Back in “the old days”, unix systems stored their passwords in …

So going forward to the Nebula 05, we now have to find some sort of weak permissions somewhere to escalate from level05 to flag05. In searching through the flag05 home directory, I saw a “.backup” folder containing a copy of the user’s old ssh keys. I extracted the archive to the …