blog.ferling.eu by Benedikt Ferling


 

exploit-exercises.com/nebula -- Level 08

Problem

  1. Default permit! Everybody has access to the trace.
  2. Plaintext login!

Exploit

There is a file called capture.pcap inside the folder of /home/flag08. With tcpflow we can follow the packets and see its content.

1
tcpflow -cr capture.pcap

This reveals the password indirectly. There is something like a login and password. The login seems to be level08 and the password backdoor...00Rm8.ate Using each . as a backspace we get the following credentials:

1
2
user: level08
pass: backd00Rmate

Using this password and the user flag08, we can successfully login as user flag08 and execute getflag.

Lesson / How to fix

  1. Use restrict permissions!
  2. Do not use plaintext logins!

other levels…

00 01 02 03 04 05 06 07 08 09
10 11 12 13 14 15 16 17 18 19