I really like Nebula 04, because it is really easy, but still a commonly missed thing in programming.
The object of this challenge is to find a vulnerability and exploit this C++ program.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35
So this program first verifies that you did pass it an argument of some sort. If you pass that check, it then makes sure that your argument does not contain the term “token”, since the developer knows the filename they want to protect. If both of those suceed, it tries to open the file, and print it to the screen, as long as it exists, and has no general read errors.
So to exploit this program, we need to pass the program an argument, and it needs to not contain the term “token” in it. So all we need to do is make a symbolic link.
1 2 3
The only odd part about this challenge is that there’s apparently no privilege escalation done, so you can run “getflag”, like every other problem up until now. Someone else noticed the same thing, but there has been no answer. So as far as I’m concerned, this challenge is complete. We got the contents of the token file.