Nebula 06 is a retro challenge. The description of the problem says “The flag06 account credentials came from a legacy unix system.” This instantly made me think to check out the password file, /etc/passwd. Back in “the old days”, unix systems stored their passwords in …

So going forward to the Nebula 05, we now have to find some sort of weak permissions somewhere to escalate from level05 to flag05. In searching through the flag05 home directory, I saw a “.backup” folder containing a copy of the user’s old ssh keys. I extracted the archive to the …

I really like Nebula 04, because it is really easy, but still a commonly missed thing in programming.

The object of this challenge is to find a vulnerability and exploit this C++ program.

#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <sys/types.h> …

In this challenge, we can see that there’s no code for us to exploit, it’s something in the system. I log in to the system, and look in the /home/flag03 folder, as all the other challenges have started. I see there’s a writable.sh script, which I was guessing was the script …

In this challenge, we’re again provided with the source code to the vulnerable program. Only this time, they’re not loading the “echo” program from the environment’s path.

#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include …

Continuing from my previous post, I started tinkering with the next Nebula wargame: Nebula 01. This one gives you some C code, which has a bug in it. You have to exploit that bug.

#include <stdlib.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include …