Exploit-Exercice : Nebula
Hello Hackers and welcome to the How to pwned Nebula Guide
Before you read this “How to”, please try the challenge on your own and use this “guide” only if you’re stuck !
I hope you are ready to go !
Level00 - find the file and get the flag
Here is the first level of Nebula :
This level requires you to find a Set User ID program that will run as the “flag00” account. You could also find this by carefully looking in top level directories in / for suspicious looking directories.
Alternatively, look at the find man page.
We should find a Set User Id program that will run as the “flag00” account.
So here the important part
A SUID file that run as flag00
What we want is a file owned by flag00 and with the SUID bit set
The permission of the file we want should look like that
-rwsr-x—
The important thing to notice is the s it means the file can be executed as the owner
to find the correct file just user the find command :
find / -perm -4000 -user flag00 2>/dev/null
run one of those to get the flag !