My eWPT review is almost done, but it's make no sense to post it, as I'm still waiting for the result to arrive.
Oh well...
I will continue with the start of another series and interrupt it with the review later on. Stay tuned.
Spoiler: eWPT is nice
Oh well...
I will continue with the start of another series and interrupt it with the review later on. Stay tuned.
Spoiler: eWPT is nice
A bunch of upcoming post will be all about wargames from https://exploit.education/, formerly known as exploit-exercises.com.
It's a great collection of virtual machines that could help to develop essential skills for vulnerability research, and exploit development.
It might seem too simple at the beginning, but the learning curve will smash me shortly, no doubt in that.
It's a great collection of virtual machines that could help to develop essential skills for vulnerability research, and exploit development.
It might seem too simple at the beginning, but the learning curve will smash me shortly, no doubt in that.
I realized it's hard to keep up in series like that (because of the same picture, maybe?). They all look alike!
I'll try to add more context to each post for that sake.
In level 5 of Nebula wargame we will learn a bit about privileges in Linux, and how you can a private ssh key that you might find in the backup of a compromised computer.
#exploitdev #nebula
https://telegra.ph/Nebula---05-10-26
I'll try to add more context to each post for that sake.
In level 5 of Nebula wargame we will learn a bit about privileges in Linux, and how you can a private ssh key that you might find in the backup of a compromised computer.
#exploitdev #nebula
https://telegra.ph/Nebula---05-10-26
Telegraph
Nebula - 05
> Source code There is no source code available for this level. > Getting the flag By checking the flag05 directory we can find unprotected .backup folder: level05@nebula:/home/flag05$ ls -lah total 9.0K drwxr-x--- 1 flag05 level05 80 2021-06-16 00:17 . drwxr…
Let's crack some passwords! In the level 6 of #nebula wargame we will learn how to crack the hash of the password.
#exploitdev
https://telegra.ph/Nebula---06-10-26
#exploitdev
https://telegra.ph/Nebula---06-10-26
Telegraph
Nebula - 06
> Source code There is no source code available for this level. > Getting the flag Nothing interesting in the /home/flag06 folder, but by poking around in previous challenges I noticed that flag06 user has the hashed password in the /etc/passwd: level06@…
Finally! The fun part starts here. All levels before that were to warm up.
In the level 7 of the #nebula wargame we got the source code of the application. We need to read, understand, and find how to exploit the bug there.
#exploitdev
https://telegra.ph/Nebula---07-10-26
In the level 7 of the #nebula wargame we got the source code of the application. We need to read, understand, and find how to exploit the bug there.
#exploitdev
https://telegra.ph/Nebula---07-10-26
Telegraph
Nebula - 07
> Source code #!/usr/bin/perl use CGI qw{param}; print "Content-type: text/html\n\n"; sub ping { $host = $_[0]; print("<html><head><title>Ping results</title></head><body><pre>"); @output = `ping -c 3 $host 2>&1`; foreach $line (@output) { print "$line";…
Finding the password from the next level of #nebula wargame in the TCP stream by using Wireshark.
#exploitdev
https://telegra.ph/Nebula-08-09-20
#exploitdev
https://telegra.ph/Nebula-08-09-20
Telegraph
Nebula - 08
> Source code There is no source code available for this level. > Getting the flag The .pcap file is in the flag08 folder, let’s download it to the main machine and analyze it with Wireshark. One of the ways could be spawning a SimpleHTTPServer on the machine:…
In this #nebula challenge, we will analyze and exploit the vulnerable PHP code wrapped around in a C SUID binary.
#exploitdev
https://telegra.ph/Nebula-09-09-20
#exploitdev
https://telegra.ph/Nebula-09-09-20
Telegraph
Nebula - 09
> Source code <?php function spam($email) { $email = preg_replace("/\./", " dot ", $email); $email = preg_replace("/@/", " AT ", $email); return $email; } function markup($filename, $use_me) { $contents = file_get_contents($filename); $contents…
So PortSwigger (folks who made Burp Suite and Web Academy) finally decided to make their own #cert. It costs $99, but if you will purchase it before Dec 15th they reimburse the whole amount. That could kill the eWPT 🤔
https://portswigger.net/web-security/certification
https://portswigger.net/web-security/certification
This again. I had to postpone all other activities to make it fly… I really doubt that I’ll take any other eLearnSecurity #cert, what a shame
Exploiting a Race Condition vulnerability in the level 10 of #nebula!
p.s. it's a halfway through the series, so I've changed the pic to kinda celebrate that.
#exploitdev
https://telegra.ph/Nebula---10-11-03
p.s. it's a halfway through the series, so I've changed the pic to kinda celebrate that.
#exploitdev
https://telegra.ph/Nebula---10-11-03
Telegraph
Nebula - 10
> Source code #include <stdlib.h> #include <unistd.h> #include <sys/types.h> #include <stdio.h> #include <fcntl.h> #include <errno.h> #include <sys/socket.h> #include <netinet/in.h> #include <string.h> int main(int argc, char **argv) { char *file; char *host;…