Exploit-Exercice : Nebula
Level08 - Where do you hide your shark ?
Hello ! You’re still alive to do the level08 ?
In this level we will use wireshark to get the password !
Here what’s on exploit-exercice
World readable files strike again. Check what that user was up to, and use it to log into flag08 account.
To do this level, log in as the level08 account with the password level08. Files for this level can be found in /home/flag08.
Here is what the /home/flag08/ directory have
A .pcap file ? I send the file throught netcat and open it in wireshark. If we use the follow tcp stream we see this :
Password : backdoor…00Rm8.ate
Let’s try backdoor or backdoor…00Rm8.ate as a password
Well, It might be something a little bit harder if we change show data as to hexdump we will see the hex equivalent of the letter and key typed by the user
Let’s use Google to find out what key is 7f
In computing, the delete character (sometimes also called rubout) is the last character in the ASCII repertoire, … In hexadecimal, this is 7F
Well, the user just delete
Here the first thing he type :
- backdoor
- type the “del key” 3 time : backd
- typed : 00R : backd00R
- etc …
so the password should be backd00Rmate
And now we have succefully pwned flag08 account !