Summary

Welcome to my write-up for the Exploit-Exercises - Nebula wargame. I will begin this write-up with some information from the wargame. If you would like to play this wargame, you can follow the links to download the VM.

In this write-up, I will be going through the levels in order. I will explain the solution to each level as clearly as possible. Note that this write-up may not be complete; I will be editing it in chunks.

The level introductions needed to be pulled using Internet Archive’s Wayback Machine. At the time of writing this, it looks like the Exploit-Exercises website is offline.

About

Nebula takes the participant through a variety of common (and less than common) weaknesses and vulnerabilities in Linux. It looks at:

  • SUID files
  • Permissions
  • Race conditions
  • Shell meta-variables
  • $PATH weaknesses
  • Scripting language weaknesses
  • Binary compilation failures

At the end of Nebula, the user will have a reasonably thorough understanding of local attacks against Linux systems, and a cursory look at some of the remote attacks that are possible.

Levels

Have a look at the levels available on the side bar, and log into the virtual machine as the username “levelXX” with a password of “levelXX” (without quotes), where XX is the level number.

Some levels can be done purely remotely.

Getting root

In case you need root access to change stuff (such as key mappings, etc.), you can do the following:

Log in as the “nebula” user account with the password “nebula” (both without quotes), followed by “sudo -s” with the password “nebula”. You’ll then have root privileges to change whatever needs to be changed.

Nebula - Level00

About

This level requires you to find a Set User ID program that will run as the “flag00” account. You could also find this by carefully looking in top level directories in / for suspicious looking directories.

Alternatively, look at the find man page.

To access this level, log in as level00 with the password of level00.
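
The kind of search the level description points to, as an added example that is not part of the original write-up or the wargame's material: a POSIX shell function that lists set-user-ID and set-group-ID files under a directory, optionally limited to one owning account. The function name `suid_audit` is hypothetical, and the code assumes GNU find for `-printf`.

```shell
#!/bin/sh
# Added example (not from the write-up): audit a directory tree for
# set-user-ID / set-group-ID regular files.
#
# suid_audit ROOT [OWNER]
#   ROOT   directory to walk (other mounted filesystems are not entered)
#   OWNER  optional account name or numeric uid; only files owned by it
#          are reported, e.g. the "flag00" account named in this level
#
# Output: one line per match, "owner group octal-mode path", sorted.
# Directories the caller cannot read are skipped silently.
# Assumption: GNU find, for the -printf action.
suid_audit() {
    root=$1
    owner=${2:-}

    if [ -n "$owner" ]; then
        # -perm -4000 matches files with the setuid bit set,
        # -perm -2000 those with the setgid bit set.
        find "$root" -xdev -type f -user "$owner" \
            \( -perm -4000 -o -perm -2000 \) \
            -printf '%u %g %m %p\n' 2>/dev/null | sort
    else
        find "$root" -xdev -type f \
            \( -perm -4000 -o -perm -2000 \) \
            -printf '%u %g %m %p\n' 2>/dev/null | sort
    fi
}

# Typical calls on a live system:
#   suid_audit /            # every setuid/setgid file on the root filesystem
#   suid_audit / flag00     # only those that would run as flag00
```

Running the unfiltered form regularly and comparing the output against a known-good list is a common hardening check, since an unexpected setuid file is a privilege boundary nobody reviewed.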

Source code

There is no source code available for this level.

Solution

No solution for this level currently. Please check back later.