I realized it's hard to keep up in series like that (because of the same picture, maybe?). They all look alike!
I'll try to add more context to each post for that sake.
In level 5 of the Nebula wargame we will learn a bit about privileges in Linux, and how you can use a private SSH key that you might find in the backup of a compromised computer.
#exploitdev #nebula
https://telegra.ph/Nebula---05-10-26
Telegraph
Nebula - 05
> Source code There is no source code available for this level. > Getting the flag By checking the flag05 directory we can find unprotected .backup folder: level05@nebula:/home/flag05$ ls -lah total 9.0K drwxr-x--- 1 flag05 level05 80 2021-06-16 00:17 . drwxr…
Let's crack some passwords! In the level 6 of #nebula wargame we will learn how to crack the hash of the password.
#exploitdev
https://telegra.ph/Nebula---06-10-26
Telegraph
Nebula - 06
> Source code There is no source code available for this level. > Getting the flag Nothing interesting in the /home/flag06 folder, but by poking around in previous challenges I noticed that flag06 user has the hashed password in the /etc/passwd: level06@…
Finally! The fun part starts here. All levels before that were to warm up.
In the level 7 of the #nebula wargame we got the source code of the application. We need to read, understand, and find how to exploit the bug there.
#exploitdev
https://telegra.ph/Nebula---07-10-26
Telegraph
Nebula - 07
> Source code #!/usr/bin/perl use CGI qw{param}; print "Content-type: text/html\n\n"; sub ping { $host = $_[0]; print("<html><head><title>Ping results</title></head><body><pre>"); @output = `ping -c 3 $host 2>&1`; foreach $line (@output) { print "$line";…
Finding the password from the next level of #nebula wargame in the TCP stream by using Wireshark.
#exploitdev
https://telegra.ph/Nebula-08-09-20
Telegraph
Nebula - 08
> Source code There is no source code available for this level. > Getting the flag The .pcap file is in the flag08 folder, let’s download it to the main machine and analyze it with Wireshark. One of the ways could be spawning a SimpleHTTPServer on the machine:…
In this #nebula challenge, we will analyze and exploit the vulnerable PHP code wrapped around in a C SUID binary.
#exploitdev
https://telegra.ph/Nebula-09-09-20
Telegraph
Nebula - 09
> Source code <?php function spam($email) { $email = preg_replace("/\./", " dot ", $email); $email = preg_replace("/@/", " AT ", $email); return $email; } function markup($filename, $use_me) { $contents = file_get_contents($filename); $contents…
Exploiting a Race Condition vulnerability in the level 10 of #nebula!
P.S. It's halfway through the series, so I've changed the pic to kinda celebrate that.
#exploitdev
https://telegra.ph/Nebula---10-11-03
Telegraph
Nebula - 10
> Source code #include <stdlib.h> #include <unistd.h> #include <sys/types.h> #include <stdio.h> #include <fcntl.h> #include <errno.h> #include <sys/socket.h> #include <netinet/in.h> #include <string.h> int main(int argc, char **argv) { char *file; char *host;…
Damn, this level of #nebula took way more time than it should. I hate fixing bugs in old projects...
#exploitdev
https://telegra.ph/Nebula---11-11-11
Telegraph
Nebula - 11
Alright, first things first - this level is broken. Let's admit it - Nebula is a pretty old project, and it seems abandoned now. Anyhow, the challenges themselves are quite nice, they are twisted in a way that forces you to think as an attacker. In my opinion, this…
An easy level of #nebula for today's post. Exploiting a basic OS command injection via Lua binary.
#exploitdev
https://telegra.ph/Nebula---12-11-24
Telegraph
Nebula - 12
> Source code local socket = require("socket") local server = assert(socket.bind("127.0.0.1", 50001)) function hash(password) prog = io.popen("echo "..password.." | sha1sum", "r") data = prog:read("*all") prog:close() data = string.sub(data, 1, 40) return…
Tools come and go, but methodology stays with you.
On my journey to learn exploit development I often feel lost and overwhelmed. You simply do not know what you are looking for, and it is not fun to spend weeks on something and come back empty-handed.
I was curious if there is a methodology on how professional security researchers are doing their job. Of course, there is a pattern "fuzz it until you get a crash, analyze and exploit it, repeat", but you could not cover everything with fuzzing.
I was sure that there must be something, and I recently stumbled on this - an approach where you utilize already known CVEs in a way that I never thought of. The idea is to treat CVEs as North Stars in vulnerability discovery and comprehension.
Check it out yourself, I found it insightful:
https://cve-north-stars.github.io/
Happy Friday everyone!
#exploitdev
CVE North Stars
Leveraging CVE, patch diffing, and root cause analysis to kickstart your vulnerability hunting adventure.