Nebula - level00

This is my first post on the Nebula series hosted by Exploit Exercises

We start off with understanding what is being asked of us:

After SSH'ing into the host, we look around:

level00@nebula:~$ whoami
level00@nebula:~$ pwd

Reading the about section, we see that we need to carefully look around the top level directories for anything suspicious.

We look for anything that may have the SUID flag set:

level00@nebula:~$ find / -perm -u=s -type f 2>/dev/null

Looks like we have a flag00 located in /bin/.../

We run the file and notice that we automatically switch to the flag00 user. We run the "getflag" command to complete the exercise:

level00@nebula:~$ /bin/.../flag00
Congrats, now run getflag to get your flag!
flag00@nebula:~$ getflag
You have successfully executed getflag on a target account

Next will be level01