How to pwn Nebula - Level08 - Where do you hide your shark?


Exploit-Exercises: Nebula

Level08 - Where do you hide your shark ?

Hello! You're still alive to do level08? :)
In this level we will use Wireshark to get the password!

Here is what Exploit-Exercises says about it:

World readable files strike again. Check what that user was up to, and use it to log into flag08 account.
To do this level, log in as the level08 account with the password level08. Files for this level can be found in /home/flag08.

Here is what the /home/flag08/ directory contains:

A .pcap file? I sent the file through netcat and opened it in Wireshark. If we use "Follow TCP Stream" we see this:

Password : backdoor…00Rm8.ate

Let’s try backdoor or backdoor…00Rm8.ate as a password

Well, it might be something a little bit harder. If we change "Show data as" to hexdump, we will see the hex equivalent of the letters and keys typed by the user.

Let’s use Google to find out what key is 7f

In computing, the delete character (sometimes also called rubout) is the last character in the ASCII repertoire, … In hexadecimal, this is 7F

Well, the user just pressed delete.

Here is what he typed, in order:

  • backdoor
  • typed the “del key” 3 times : backd
  • typed : 00R : backd00R
  • etc …

So the password should be backd00Rmate

And now we have successfully pwned the flag08 account!
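The manual replay above can be automated. This is an added example, not part of the original post: the byte string is constructed from the stream view described above (each `.` standing for a 0x7f byte), and the function names are hypothetical. It shows both what Wireshark's ASCII view displays and what the login prompt actually received.

```python
DEL = 0x7F        # ASCII delete / rubout, the byte identified in the hexdump view
BACKSPACE = 0x08  # some terminals send BS instead of DEL; handled the same way

# Constructed sample: the client-side password bytes as described in the post.
CAPTURED = b"backdoor\x7f\x7f\x7f00Rm8\x7fate"


def wireshark_ascii(raw: bytes) -> str:
    """Render bytes the way the ASCII stream view does: non-printables become '.'."""
    return "".join(chr(b) if 0x20 <= b <= 0x7E else "." for b in raw)


def replay_keystrokes(raw: bytes) -> str:
    """Apply the keystrokes in order and return the line the server ends up with."""
    line = []
    for b in raw:
        if b in (DEL, BACKSPACE):
            if line:            # deleting on an empty line does nothing
                line.pop()
        elif b in (0x0D, 0x0A):
            break               # Enter ends the password line
        elif 0x20 <= b <= 0x7E:
            line.append(chr(b))
        # any other control byte is ignored
    return "".join(line)


if __name__ == "__main__":
    print("stream view :", wireshark_ascii(CAPTURED))
    print("typed line  :", replay_keystrokes(CAPTURED))
```
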

