Permalink
Switch branches/tags
Nothing to show
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
20 lines (11 sloc) 677 Bytes

Nebula level08

https://exploit-exercises.com/nebula/level08/

Goal

Call getflag from the flag08 account.

Situation

In this example, there is a .pcap file in the /home/flag08 directory. A quick Google shows that a .pcap file is a packet capture, so we need to figure out how to dump it.

Exploit

To dump the file, we can run tcpflow -c -r capture.pcap. This shows us that the packets sent look like the following: backdoor...00Rm8.ate. Trying backdoor and backdoor...00Rm8.ate don't work as passwords. However, if you interpret the '.' as a backspace, you can see that the password is backd00Rmate. Now you can log into the flag08 account.