Nebula – level12

Information There is a backdoor process listening on port 50001. To do this level, log in as the level12 account with the password level12. Files for this level can be found in /home/flag12. Source code Solution There is in the code above a command injection. I can control the password variable. It is used to ...

Nebula – level11

Information The /home/flag11/flag11 binary processes standard input and executes a shell command. There are two ways of completing this level, you may wish to do both 🙂 To do this level, log in as the level11 account with the password level11. Files for this level can be found in /home/flag11. Source code Solution In this ...

Nebula – level10

nebula – level10 Information The setuid binary at /home/flag10/flag10 binary will upload any file given, as long as it meets the requirements of the access() system call. To do this level, log in as the level10 account with the password level10. Files for this level can be found in /home/flag10. Source code Solution This challence ...

Nebula – level09

Information There’s a C setuid wrapper for some vulnerable PHP code… To do this level, log in as the level09 account with the password level09. Files for this level can be found in /home/flag09. Source code Solution The description told me that there is a binary setuid wrapper which executes php code. As usual, I ...

Nebula – level08

Information World readable files strike again. Check what that user was up to, and use it to log into flag08 account. To do this level, log in as the level08 account with the password level08. Files for this level can be found in /home/flag08. Solution The description says « World readable file strike » I guess the ...

Nebula – level07

Information The flag07 user was writing their very first perl program that allowed them to ping hosts to see if they were reachable from the web server. To do this level, log in as the level07 account with the password level07. Files for this level can be found in /home/flag07. Source code Solution I started ...

Nebula – level06

Information The flag06 account credentials came from a legacy unix system. To do this level, log in as the level06 account with the password level06. Files for this level can be found in /home/flag06. Solution The description says “The flag06 account credentials came from a legacy unix system.” Which made me think I need to ...

Nebula – level05

Information Check the flag05 home directory. You are looking for weak directory permissions To do this level, log in as the level05 account with the password level05. Files for this level can be found in /home/flag05. Solution The vulnerability is announced in the information : there are weak directory permissions My first guess is that ...

Nebula – level04

Information This level requires you to read the token file, but the code restricts the files that can be read. Find a way to bypass it 🙂 To do this level, log in as the level04 account with the password level04. Files for this level can be found in /home/flag04. Source code Solution The program ...

Nebula – level03

Information Check the home directory of flag03 and take note of the files there. There is a crontab that is called every couple of minutes. To do this level, log in as the level03 account with the password level03. Files for this level can be found in /home/flag03. Solution I’m informed that a cronjob runs ...