master
..
level00/
level01/
level02/
level03/
level04/
level05/
level06/
level07/
level08/
level09/
level10/
level11/
level12/
level13/
level14/
level15/
level16/
level17/
level18/
level19/
README.md
rw-r--r--
1.7 KB
completions.md
rw-r--r--
821 B

Exploit Exercises - Nebula

About

Nebula takes the participant through a variety of common (and less than common) weaknesses and vulnerabilities in Linux. It takes a look at

  • SUID files
  • Permissions
  • Race conditions
  • Shell meta-variables
  • $PATH weaknesses
  • Scripting language weaknesses
  • Binary compilation failures
  • At the end of Nebula, the user will have a reasonably thorough understanding of local attacks against Linux systems, and a cursory look at some of the remote attacks that are possible.

Download

Downloads are available from the download page TODO: link to internal file server

Getting started

Levels

Have a look at the levels available on the side bar, and log into the virtual machine as the username “levelXX” with a password of “levelXX” (without quotes), where XX is the level number.

Some levels can be done purely remotely.

Getting root

In case you need root access to change stuff (such as key mappings, etc), you can do the following:

Log in as the “nebula” user account with the password “nebula” (both without quotes), followed by “sudo -s” with the password “nebula”. You’ll then have root privileges in order to change whatever needs to be changed.

Exercises

  1. Level 00
  2. Level 01
  3. Level 02
  4. Level 03
  5. Level 04
  6. Level 05
  7. Level 06
  8. Level 07
  9. Level 08
  10. Level 09
  11. Level 10
  12. Level 11
  13. Level 12
  14. Level 13
  15. Level 14
  16. Level 15
  17. Level 16
  18. Level 17
  19. Level 18
  20. Level 19