ExploitExercise
小黑话不多
Exploit_Nubula_Level00
The challenge reads: This level requires you to find a Set User ID program that will run as the “flag00” account. You could also find this by carefully looking in top level directories in / for suspicious looking d
Original post · 2016-12-25 22:51:10
ExploitExercises_Nebula_Level13
The challenge source omits the token computation: #include #include #include #include #include #define FAKEUID 1000 int main(int argc, char **argv, char **envp) { int c; char token[256]; if(getuid() != FAKEUID) {
Original post · 2016-12-30 15:12:28
ExploitExercises_Nebula_Level12
The program source is a Lua script: local socket = require("socket") local server = assert(socket.bind("127.0.0.1", 50001)) function hash(password) prog = io.popen("echo "..password.." | sha1sum", "r") data = prog:read
Original post · 2016-12-30 14:55:18
ExploitExercises_Nebula_Level10
Challenge source code: #include #include #include #include #include #include #include #include #include int main(int argc, char **argv) { char *file; char *host; if(argc < 3) { printf("%s file
Original post · 2016-12-30 11:53:19
ExploitExercises_Nebula_Level09
The challenge provides a piece of PHP code: <?php function spam($email) { $email = preg_replace("/\./", " dot ", $email); $email = preg_replace("/@/", " AT ", $email); return $email; } function markup($filename, $use_me
Original post · 2016-12-29 10:15:05
ExploitExercises_Nebula_Level08
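The challenge provides a capture.pcap file: the password portion of the input is visible in it, and it contains several 0x7F bytes; according to the ASCII table, this value corresponds to the delete operation. Replaying the deletions yields the final password: bacjd00Rmate. Trying to log in with su - flag08 succeeds.
Original post · 2016-12-28 21:13:59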
ExploitExercises_Nebula_Level07
The challenge source is a Perl script: #!/usr/bin/perl use CGI qw{param}; print "Content-type: text/html\n\n"; sub ping { $host = $_[0]; print("Ping results"); @output = `ping -c 3 $host 2>&1`; foreach $line (@
Original post · 2016-12-28 21:13:43
ExploitExercises_Nebula_Level06
The challenge reads: The flag06 account credentials came from a legacy unix system. To do this level, log in as the level06 account with the password level06. Files for this level can be found in /home/flag06.
Original post · 2016-12-26 17:31:40
ExploitExercises_Nebula_Level05
The challenge reads: Check the flag05 home directory. You are looking for weak directory permissions. To do this level, log in as the level05 account with the password level05. Files for this level can be found i
Original post · 2016-12-26 17:28:14
ExploitExercises_Nebula_Level04
The challenge source code is as follows: #include #include #include #include #include #include int main(int argc, char **argv, char **envp) { char buf[1024]; int fd, rc; if(argc == 1) { printf("%s [file to read]
Original post · 2016-12-26 16:26:36
ExploitExercises_Nebula_Level03
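The challenge sets up a scheduled task that periodically runs the /home/flag03/writable.sh script: #!/bin/sh for i in /home/flag03/writable.d/* ; do (ulimit -t 5; bash -x "$i") rm -f "$i" done As can be seen, the script executes the programs in the writable.d directory. The steps to get a shell are as follows: 1.
Original post · 2016-12-26 15:41:43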
ExploitExercises_Nebula_Level02
Challenge source code: #include #include #include #include #include int main(int argc, char **argv, char **envp) { char *buffer; gid_t gid; uid_t uid; gid = getegid(); uid = geteuid(); setresgid
Original post · 2016-12-26 13:33:44
ExploitExercises_Nebula_Level01
The challenge source code is as follows: #include #include #include #include #include int main(int argc, char **argv, char **envp) { gid_t gid; uid_t uid; gid = getegid(); uid = geteuid(); setresgid(gid, gid, gid);
Original post · 2016-12-26 13:32:33
ExploitExercises_Nebula_Level14
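/home/flag14/flag14 is an encryption program; when given the -e argument, it encrypts the input data and prints the result to the terminal: level14@nebula:~$ /home/flag14/flag14 -e 123456 13579; Reversing the encryption algorithm: v12 = *MK_FP(__GS__, 20); v8 = 0; if ( argc <= 1 ) goto LABEL_17;
Original post · 2016-12-30 16:10:39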