Nebula – level19

Information There is a flaw in the below program in how it operates. To do this level, log in as the level19 account with the password level19. Files for this level can be found in /home/flag19. Source code Solution By checking the code, I can see that the only way to execute the shell is ...

Nebula – level18

Information Analyse the C program, and look for vulnerabilities in the program. There is an easy way to solve this level, an intermediate way to solve it, and a more difficult/unreliable way to solve it. To do this level, log in as the level18 account with the password level18. Files for this level can be ...

Nebula – level17

Information There is a python script listening on port 10007 that contains a vulnerability. To do this level, log in as the level17 account with the password level17. Files for this level can be found in /home/flag17. Source code Solution I’m not a python expert but the only line which could be vulnerable for me, ...

Nebula – level16

Information There is a perl script running on port 1616. To do this level, log in as the level16 account with the password level16. Files for this level can be found in /home/flag16. Source code Solution While looking through the code, it was easy to find a remote code execution vulnerability at the following line ...

Nebula – level15

Information strace the binary at /home/flag15/flag15 and see if you spot anything out of the ordinary. You may wish to review how to “compile a shared library in linux” and how the libraries are loaded and processed by reviewing the dlopen manpage in depth. Clean up after yourself 🙂 To do this level, log in ...

Nebula – level14

Information This program resides in /home/flag14/flag14. It encrypts input and writes it to standard output. An encrypted token file is also in that home directory, decrypt it 🙂 To do this level, log in as the level14 account with the password level14. Files for this level can be found in /home/flag14. Solution In this level, ...

Nebula – level13

Information There is a security check that prevents the program from continuing execution if the user invoking it does not match a specific user id. To do this level, log in as the level13 account with the password level13. Files for this level can be found in /home/flag13. Source code Solution The program above requests ...

Nebula – level12

Information There is a backdoor process listening on port 50001. To do this level, log in as the level12 account with the password level12. Files for this level can be found in /home/flag12. Source code Solution There is in the code above a command injection. I can control the password variable. It is used to ...

Nebula – level11

Information The /home/flag11/flag11 binary processes standard input and executes a shell command. There are two ways of completing this level, you may wish to do both 🙂 To do this level, log in as the level11 account with the password level11. Files for this level can be found in /home/flag11. Source code Solution In this ...

Nebula – level10

nebula – level10 Information The setuid binary at /home/flag10/flag10 binary will upload any file given, as long as it meets the requirements of the access() system call. To do this level, log in as the level10 account with the password level10. Files for this level can be found in /home/flag10. Source code Solution This challence ...