Nebula - level07

This is my eighth post on the Nebula series hosted by Exploit Exercises

We start off with understanding what is being asked of us:

Level07

The flag07 user was writing their very first perl program that allowed them to ping hosts to see if they were reachable from the web server.
To do this level, log in as the level07 account with the password level07. Files for this level can be found in /home/flag07.

Source code

#!/usr/bin/perl

use CGI qw{param};

print "Content-type: text/html\n\n";

sub ping {
  $host = $_[0];

  print("<html><head><title>Ping results</title></head><body><pre>");

  @output = `ping -c 3 $host 2>&1`;
  foreach $line (@output) { print "$line"; }

  print("</pre></body></html>");
  
}

# check if Host set. if not, display normal page, etc

ping(param("Host"));

Protostar - stack2

This is my third post on the Protostar series hosted by Exploit Exercises

We start off with understanding what is being asked of us:

About

Stack2 looks at environment variables, and how they can be set.
This level is at /opt/protostar/bin/stack2

Source code

#include <stdlib.h>
#include <unistd.h>
#include <stdio.h>
#include <string.h>

int main(int argc, char **argv)
{
  volatile int modified;
  char buffer[64];
  char *variable;

  variable = getenv("GREENIE");

  if(variable == NULL) {
      errx(1, "please set the GREENIE environment variable\n");
  }

  modified = 0;

  strcpy(buffer, variable);

  if(modified == 0x0d0a0d0a) {
      printf("you have correctly modified the variable\n");
  } else {
      printf("Try again, you got 0x%08x\n", modified);
  }

}

Nebula - level06

This is my seventh post on the Nebula series hosted by Exploit Exercises

We start off with understanding what is being asked of us:

About

The flag06 account credentials came from a legacy unix system.
To do this level, log in as the level06 account with the password level06. Files for this level can be found in /home/flag06.

Source code

There is no source code available for this level

Nebula - level05

This is my sixth post on the Nebula series hosted by Exploit Exercises

We start off with understanding what is being asked of us:

About

Check the flag05 home directory. You are looking for weak directory permissions
To do this level, log in as the level05 account with the password level05. Files for this level can be found in /home/flag05.

Source code

There is no source code available for this level

Protostar - stack1

This is my second post on the Protostar series hosted by Exploit Exercises

We start off with understanding what is being asked of us: