blog.ferling.eu by Benedikt Ferling


exploit-exercises.com/nebula -- writeup / walkthrough / solutions / lessons

Preliminaries

I took the course “Systems security” last semester, and after the exam I decided to reinforce and expand my knowledge. This wargame is a good place to start. All basic concepts of this wargame were also part of the course.

During the course at the university we were often asked what exactly the problem in a given situation or source is and how to fix a certain vulnerability. I didn’t really find many sources that tell you how to fix a certain issue. With this blog entry I want to add a source to the internet where not only an exploit is given, but also an introduction to the problem as well as a possible way to fix the issue.

These are my exploits for the given situations/levels. Please find the level descriptions at exploit-exercises.com. All solutions are based on the exploit-exercises-nebula-5.iso with SHA1 checksum e82f807be06100bf3e048f82e899fb1fecc24e3a.

Acknowledgement

Thanks to everybody at exploit-exercises.com for this excellent wargame. It addresses fundamental weaknesses, programming mistakes and concepts that are essential for the development and administration of systems/programs.

Levels

| Level | Problem(s) | Syntactic Sugar |
|-------|------------|-----------------|
| 00 | Security by obscurity | Shell |
| 01 | Unsafe functions, Read the manual | C, Shell |
| 02 | Unsafe functions, Userinput | C, Shell |
| 03 | Default permit - Permissions | Cron, Shell |
| 04 | Filesystem | C |
| 05 | Default permit - Permissions | Shell and SSH |
| 06 | Deprecated encryption methods | Password cracking |
| 07 | Userinput | Perl |
| 08 | Default permit, Plaintext login | Analysing Pcap-files |
| 09 | Remote code execution | PHP |
| 10 | TOCTOU/TOCTTOU | C, Shell, Filemanagement |
| 11 | Custom (non-)predictable method, Userinput, Default permit | C, SSH, Filemanagement |
| 12 | Userinput | Lua |
| 13 | Backdoor, unsafe authentication | GDB, Binaryanalysis |
| 14 | Custom encryption method | C |
| 15 | Permissions | Shared libraries |
| 16 | Userinput | Perl |
| 17 | Using a library with remote code execution | Python |
| 18 | Logical flaw | Linux process management, Shell |
| 19 | Usage of custom authentication | C- and Linux-process-management |