How to pwned Nebula : Level00 - find the file and get the flag


Exploit-Exercice : Nebula

Hello Hackers and welcome to the How to pwned Nebula Guide

Before you read this “How to”, please try the challenge on your own and use this “guide” only if you’re stuck ! :slight_smile:
I hope you are ready to go !

Level00 - find the file and get the flag

Here is the first level of Nebula :

This level requires you to find a Set User ID program that will run as the “flag00” account. You could also find this by carefully looking in top level directories in / for suspicious looking directories.

Alternatively, look at the find man page.

We should find a Set User Id program that will run as the “flag00” account.

So here the important part

A SUID file that run as flag00

What we want is a file owned by flag00 and with the SUID bit set

The permission of the file we want should look like that


The important thing to notice is the s it means the file can be executed as the owner

to find the correct file just user the find command :

 find / -perm -4000 -user flag00 2>/dev/null

run one of those to get the flag !



Hey, thanks for this! (Didn’t know about it). I’ve been looking around for something that could help me understand Linux attacks and so on! Props to you!



I think I will do all the 20 level :slight_smile: stay tuned, this is how I learned basic linux “Hacking”



Then I’ll stay tuned for sure! Can’t wait!


(Leader & Offsec Engineer & Forum Daddy) #5

Decent job! This rocks!


(system) closed #6

This topic was automatically closed after 30 days. New replies are no longer allowed.