Protostar – stack3

Information Stack3 looks at environment variables, and how they can be set, and overwriting function pointers stored on the stack (as a prelude to overwriting the saved EIP) Hints • both gdb and objdump is your friend you determining where the win() function lies in memory. This level is at /opt/protostar/bin/stack3 Source code Solution After ...

Protostar – stack2

Information Stack2 looks at environment variables, and how they can be set. This level is at /opt/protostar/bin/stack2 Source code Solution In this challenge again, the vulnerability is located at the line : strcpy(buffer, variable); Instead of the argv[1] value, it is the value of ‘variable’ which is copied in ‘buffer’. ‘variable’ is equal to the ...

Protostar – stack1

Information This level looks at the concept of modifying variables to specific values in the program, and how the variables are laid out in memory. This level is at /opt/protostar/bin/stack1 Hints • If you are unfamiliar with the hexadecimal being displayed, “man ascii” is your friend. • Protostar is little endian Source code Solution The ...

Protostar – stack0

Information This level introduces the concept that memory can be accessed outside of its allocated region, how the stack variables are laid out, and that modifying outside of the allocated memory can modify program execution. This level is at /opt/protostar/bin/stack0 Source code Solution Alright, let’s start this new set of challenges !! After having looked ...

Nebula – level19

Information There is a flaw in the below program in how it operates. To do this level, log in as the level19 account with the password level19. Files for this level can be found in /home/flag19. Source code Solution By checking the code, I can see that the only way to execute the shell is ...

Nebula – level18

Information Analyse the C program, and look for vulnerabilities in the program. There is an easy way to solve this level, an intermediate way to solve it, and a more difficult/unreliable way to solve it. To do this level, log in as the level18 account with the password level18. Files for this level can be ...

Nebula – level17

Information There is a python script listening on port 10007 that contains a vulnerability. To do this level, log in as the level17 account with the password level17. Files for this level can be found in /home/flag17. Source code Solution I’m not a python expert but the only line which could be vulnerable for me, ...

Nebula – level16

Information There is a perl script running on port 1616. To do this level, log in as the level16 account with the password level16. Files for this level can be found in /home/flag16. Source code Solution While looking through the code, it was easy to find a remote code execution vulnerability at the following line ...

Nebula – level15

Information strace the binary at /home/flag15/flag15 and see if you spot anything out of the ordinary. You may wish to review how to “compile a shared library in linux” and how the libraries are loaded and processed by reviewing the dlopen manpage in depth. Clean up after yourself 🙂 To do this level, log in ...