In this challenge, we will need to analyze a pcap file in order to discover the password to flag08 account. Level08 will make us use … Read more
In this challenge, we will need to analyze a pcap file in order to discover the password to flag08 account. Level08 will make us use … Read more
For the level07 challenge we have some Perl code to analyze. This code is available both on the Virtual Machine and the page of the challenge. What … Read more
On prior Unix systems, passwords were stored in /etc/passwd file, not in clear text, but a hash of it, using MD5 algorithm. At this time, … Read more
Contrary to previous exercises, level05 is purely about weak permissions. What you’ll need to know… Make an ssh connection Use tar command Level05 If you list … Read more
With level04 challenge we are supposed to exploit the weak permissions of flag04’s file. As always, my main objective is to get a shell under … Read more
Level03 is no longer about SUID vulnerable programs like previous exercises, but about permissions. Because I just learn about SUID programs in the last challenges, I’ll create … Read more
I see level02 as a combination of the previous two exercises, level00 and level01. Let’s dig in and work through the solution. What you’ll need to know… Basic … Read more
Still under the SUID programs category, level01 makes use of another trick in order to be solved, the manipulation of environment variables. What you’ll need … Read more
So far, we have dealt with bash, Perl and C programming languages. In level09 challenge, we have a small PHP piece of code to analyze … Read more
Level10 introduces the Time-of-check Time-of-use (TOCTOU) vulnerability, well described in the CWE website. What you’ll need to know… C Level10 I’ll quickly explain the TOCTOU vulnerability using … Read more