Check the flag05 home directory. You are looking for weak directory permissions
To do this level, log in as the level05 account with the password level05. Files for this level can be found in /home/flag05.
weak directory permissions…?
Check the flag05 home directory. You are looking for weak directory permissions
To do this level, log in as the level05 account with the password level05. Files for this level can be found in /home/flag05.
weak directory permissions…?
This level requires you to read the token file, but the code restricts the files that can be read. Find a way to bypass it :)
To do this level, log in as the level04 account with the password level04. Files for this level can be found in /home/flag04.
看起來是要讀取一個讀取不到的檔案呢…
Check the home directory of flag03 and take note of the files there.
There is a crontab that is called every couple of minutes.
To do this level, log in as the level03 account with the password level03. Files for this level can be found in /home/flag03.
喔喔出現不一樣的題形了,一樣先登入 level03
There is a vulnerability in the below program that allows arbitrary programs to be executed, can you find it?
To do this level, log in as the level02 account with the password level02. Files for this level can be found in /home/flag02.
看起來跟上一關很像…
There is a vulnerability in the below program that allows arbitrary programs to be executed, can you find it?
To do this level, log in as the level01 account with the password level01. Files for this level can be found in /home/flag01.
一樣先登入 level01, 密碼也是 level01
This level requires you to find a Set User ID program that will run as the 「flag00」 account. You could also find this by carefully looking in top level directories in / for suspicious looking directories.
Alternatively, look at the find man page.
To access this level, log in as level00 with the password of level00.
首先,以 level00
登入,密碼也是 level00
根據提示,要找到一個可以在flag00
使用者上執行的 set user ID 程式,可以從根目錄中的可疑資料夾中找到…不過我不是很確定哪些資料夾是可疑的就先略過,看來只能用find
來慢慢找了 0A0
Exploit Exercises 提供了一系列的 linux 資安 CTF,由淺入深,包含各式資安問題,以虛擬機的方式下載。
這個系列為 Exploit Exercise 的 Nebula,一個較好上手,適合想學習 linux 破解得初學者(比如我:3)。包含特權提升(Priviledge Escalation), 常見的 script 漏洞以及競爭危害(Race Condition),等等我現在還沒有任何概念的東東
因為我自己也是從不懂到會,所以內容應該會偏詳細。更新頻率大概是每一禮拜更新1,2次,以下為在 ubuntu 上安裝 nebula 虛擬機的方法。
最近在上資訊安全,課堂上有提到 Rijndael 對稱式密碼演算法,剛好我高三時看的「密碼學與比特幣」中有提到,當時就很納悶怎麼沒有提到數學理論的部份還想了好久,剛好被我看了又有一點時間就寫下來吧