Nebula level08
来源:互联网 发布:机构持仓数据查询 编辑:程序博客网 时间:2024/05/21 19:22
http://exploit-exercises.com/nebula/level08
World readable files strike again. Check what that user was up to, and use it to log into flag08 account.
To do this level, log in as the level08 account with the password level08 . Files for this level can be found in /home/flag08.
The initial hint isn’t very useful, that being said let’s jump straight into /home/flag08
:
$ cd /home/flag08
$ ls
capture.pcap
Ok, pcap
, so we have to deal with network dump.
I think the best is to use wireshark, It is very clear when we click the Fllow the tcp stream.I also find tcpick is also a very great tool.
Upon executing tcpdump -qns 0 -A -r capture.pcap
you’ll receive quite readable output but alas I couldn’t figure this out with only tcpdump
.
Here I should probably mention that I cheated in this challenge, namely I did install additional package for analysing network dumps – tcpick
.
With tcpick
it was really quick.
$ tcpick -yP -C -r capture.pcap
(...)
Password:
b
a
c
k
d
o
o
r
.
.
.
0
0
R
m
8
.
a
t
e
.
.
.
Login incorrect
(...)
So we see characters typed as password. If you just try to type them after su flag08
it will fail, however it’s easy to see why: “.” characters between strings are backspaces so valid password is “backd00Rmate”. I think we must see the Hex value 7f , then we can say it is DEL, of course, if you are sentive, you could easily guess it!
$ su flag08
sh-4.2$ /bin/getflag
You have successfully executed getflag on a target account
Lastly I would be glad if anyone could enlighten me how to solve this challenge with tcpdump
.
- Nebula level08
- Nebula
- nebula 0
- Nebula level00
- Nebula level01
- Nebula level02
- Nebula level04
- Nebula level03
- Nebula level05
- Nebula level06
- Nebula level07
- Nebula level09
- Nebula level10
- Nebula level11
- Nebula level12
- Nebula level13
- Nebula level14
- Nebula level15
- Oracle cursor_sharing 参数 详解
- Python 学习入门(4)—— 连接MySQL
- Java源代码分析
- Visual Studio 运行程序闪一下就消失了
- android 读取本地通讯录外加搜索功能
- Nebula level08
- Objective-C中的@property和@synthesize用法
- imac 截图
- [Python] 安装及环境配置
- 一个能实现收银功能的小代码
- System类操作系统相关的属性。
- 树形dp hdu-4514 湫湫系列故事——设计风景线
- [jQuery] 选项卡,仿腾讯迷你首页,清爽无修饰版
- 两个栈实现一个队列