Nebula (Level 03) : Writeup

By Homeless | Linux, Writeups
January 10, 2018 0 Comments

Feeling some new experience for me in this stage.

Level 03 Description

check at the dir of level03

there have 1 writable file and 1 permission folder to level03 but user access is flag03. I read the writable.sh file with cat command.

I understand, this file run all files as flag03 user from writable.d folder.

but there are empty. now try to exploit the user permisson access to get the getflag.

getflag is under /bin. so i need to right access to run this getflag.

flag03 userid is 966. OK. write sample c program to access as flag03 user. let’s create nano /tmp/mkk.c

Pretty Good.We already know crontab is running as flag03 access at every few minutes. so let’s exploit.

I create file “Laiwon” and give permission.

After 3 minutes later, I got access it via level03 file.

Bango! .. I do it again!

Thanks for reading . Happy Hacking.

Leave a Reply:

Your email address will not be published. Required fields are marked *