Discover cyber security through 15 little challenges

dfinnis/SnowCrash

SnowCrash

Discover cyber security through 15 little challenges.

In the folder for each level you will find:

  • flag - password for next level

  • README.md - how to find the password

See the subject for more details.

For more security fun check out the next projects RainFall & OverRide.

Final Score 125/100

Getting Started

First, download SnowCrash.iso from 42.

Virtual Machine setup

On Mac OSX, install VirtualBox.

In VirtualBox create a new VM (click new).

  • Name and operating system - Type: Linux, Version: (Oracle 64-bit)

Continue through all the next steps with the default settings:

  • Memory size: 4MB
  • Hard disk: Create a disk now
  • Hard disk file type: VDI(VirtualBox Disk Image)
  • Storage on physical hard disk: Dynamically allocated
  • File size: 12,00GB

Next click Settings > Network > Adapter 1 > Attached to: Bridged Adapter.

Still in Settings, click Storage. To the right of "Controller: IDE" there is a CD icon with a + sign (add optical drive). Click Add Disk Image and select SnowCrash.iso.

Click Start to start the VM. Once running, it should show the VM IP address and prompt the user to log in.

SSH connect

Log in from a separate shell as user level00 with password level00.

ssh level00@{VM_IP} -p 4242

Level Up

As user level00, the goal is to find the password for user flag00; see level00/ for how.

Log in as user flag00.

su flag00

Run getflag to find the password for user level01.

getflag

Log in as user level01.

su level01

Repeat these steps for each level.

Levels Overview

0 - Weak password encryption

1 - Password stored in publicly readable file, weak encryption

2 - Packet capture & password sniffing

3 - Environment variables

4 - CGI code injection

5 - Cron

6 - PHP code injection

7 - Environment variables

8 - Weak filename check

9 - Encryption vulnerable to reverse engineering

10 - Symlink attack

11 - Code injection

12 - CGI code injection

13 - Register manipulation using gdb

14 - getflag binary

Team

I wrote this project in a team with the wonderful @anyaschukin