I took the course “Systems security” last semester and after the exam I decided to reinforce and expand my knowledge. This wargame is a good start to do so. All basic concepts of this wargame were also part of the course.
During the course at the university we were often asked what the exact problem in a given situation or source is and how to fix a certain vulnerability. I didn't really find many sources that tell you how to fix a certain issue. With this blog entry I want to add a source to the internet where not only an exploit is given, but also an introduction to the problem as well as a possible way to fix the issue.
These are my exploits for the given situations/levels. Please find the level descriptions at exploit-exercises.com. All solutions are based on the exploit-exercises-nebula-5.iso with SHA1 checksum e82f807be06100bf3e048f82e899fb1fecc24e3a.
Thanks to everybody at exploit-exercises.com for this excellent wargame. It addresses fundamental weaknesses, programming mistakes and concepts that are essential for the development and administration of systems/programs.
| Level | Topic | Skills |
|---|---|---|
| 00 | Security by obscurity | Shell |
| 01 | Unsafe functions, read the manual | C, shell |
| 02 | Unsafe functions, user input | C, shell |
| 03 | Default permit: permissions | Cron, shell |
| 05 | Default permit: permissions | Shell and SSH |
| 06 | Deprecated encryption methods | Password cracking |
| 08 | Default permit, plaintext login | Analysing pcap files |
| 09 | Remote code execution | PHP |
| 10 | TOCTOU/TOCTTOU | C, shell, file management |
| 11 | Custom (non-)predictable method, user input, default permit | C, SSH, file management |
| 13 | Backdoor, unsafe authentication | GDB, binary analysis |
| 14 | Custom encryption method | C |
| 17 | Using a library with remote code execution | Python |
| 18 | Logical flaw | Linux process management, shell |
| 19 | Usage of custom authentication | C and Linux process management |