I realized it's hard to keep up in series like that (because of the same picture, maybe?). They all look alike!
I'll try to add more context to each post for that sake.
In level 5 of Nebula wargame we will learn a bit about privileges in Linux, and how you can a private ssh key that you might find in the backup of a compromised computer.
#exploitdev #nebula
https://telegra.ph/Nebula---05-10-26
I'll try to add more context to each post for that sake.
In level 5 of Nebula wargame we will learn a bit about privileges in Linux, and how you can a private ssh key that you might find in the backup of a compromised computer.
#exploitdev #nebula
https://telegra.ph/Nebula---05-10-26
Telegraph
Nebula - 05
> Source code There is no source code available for this level. > Getting the flag By checking the flag05 directory we can find unprotected .backup folder: level05@nebula:/home/flag05$ ls -lah total 9.0K drwxr-x--- 1 flag05 level05 80 2021-06-16 00:17 . drwxr…
Let's crack some passwords! In the level 6 of #nebula wargame we will learn how to crack the hash of the password.
#exploitdev
https://telegra.ph/Nebula---06-10-26
#exploitdev
https://telegra.ph/Nebula---06-10-26
Telegraph
Nebula - 06
> Source code There is no source code available for this level. > Getting the flag Nothing interesting in the /home/flag06 folder, but by poking around in previous challenges I noticed that flag06 user has the hashed password in the /etc/passwd: level06@…
Finally! The fun part starts here. All levels before that were to warm up.
In the level 7 of the #nebula wargame we got the source code of the application. We need to read, understand, and find how to exploit the bug there.
#exploitdev
https://telegra.ph/Nebula---07-10-26
In the level 7 of the #nebula wargame we got the source code of the application. We need to read, understand, and find how to exploit the bug there.
#exploitdev
https://telegra.ph/Nebula---07-10-26
Telegraph
Nebula - 07
> Source code #!/usr/bin/perl use CGI qw{param}; print "Content-type: text/html\n\n"; sub ping { $host = $_[0]; print("<html><head><title>Ping results</title></head><body><pre>"); @output = `ping -c 3 $host 2>&1`; foreach $line (@output) { print "$line";…
Finding the password from the next level of #nebula wargame in the TCP stream by using Wireshark.
#exploitdev
https://telegra.ph/Nebula-08-09-20
#exploitdev
https://telegra.ph/Nebula-08-09-20
Telegraph
Nebula - 08
> Source code There is no source code available for this level. > Getting the flag The .pcap file is in the flag08 folder, let’s download it to the main machine and analyze it with Wireshark. One of the ways could be spawning a SimpleHTTPServer on the machine:…
In this #nebula challenge, we will analyze and exploit the vulnerable PHP code wrapped around in a C SUID binary.
#exploitdev
https://telegra.ph/Nebula-09-09-20
#exploitdev
https://telegra.ph/Nebula-09-09-20
Telegraph
Nebula - 09
> Source code <?php function spam($email) { $email = preg_replace("/\./", " dot ", $email); $email = preg_replace("/@/", " AT ", $email); return $email; } function markup($filename, $use_me) { $contents = file_get_contents($filename); $contents…
So PortSwigger (folks who made Burp Suite and Web Academy) finally decided to make their own #cert. It costs $99, but if you will purchase it before Dec 15th they reimburse the whole amount. That could kill the eWPT 🤔
https://portswigger.net/web-security/certification
https://portswigger.net/web-security/certification
This again. I had to postpone all other activities to make it fly… I really doubt that I’ll take any other eLearnSecurity #cert, what a shame
Exploiting a Race Condition vulnerability in the level 10 of #nebula!
p.s. it's a halfway through the series, so I've changed the pic to kinda celebrate that.
#exploitdev
https://telegra.ph/Nebula---10-11-03
p.s. it's a halfway through the series, so I've changed the pic to kinda celebrate that.
#exploitdev
https://telegra.ph/Nebula---10-11-03
Telegraph
Nebula - 10
> Source code #include <stdlib.h> #include <unistd.h> #include <sys/types.h> #include <stdio.h> #include <fcntl.h> #include <errno.h> #include <sys/socket.h> #include <netinet/in.h> #include <string.h> int main(int argc, char **argv) { char *file; char *host;…
Damn, this level of #nebula took way more time than it should. I hate fixing bugs in old projects...
#exploitdev
https://telegra.ph/Nebula---11-11-11
#exploitdev
https://telegra.ph/Nebula---11-11-11
Telegraph
Nebula - 11
Alright, first thing first - this level is broken. Let's admit it - Nebula is a pretty old project, and it seems abandoned now. Anyhow, challenges itself are quite nice, they are twisted in a way that force you to think as an attacker. In my opinion, this…
Phew, that was a long waiting game, but I'm finally eWPT certified!
I documented my journey here:
https://telegra.ph/eWPT-review-10-15
#cert #web #review
I documented my journey here:
https://telegra.ph/eWPT-review-10-15
#cert #web #review
Telegraph
eWPT review
> Table of Content Introduction About the eWPT course Expectations Before taking the course Lab time The exam Closing thoughts Useful resources > Introduction Some time ago I passed the OSCP, and that wasn't a breeze. You can reed more on that here. I promised…