Nebula – Level08

This level was much easier for me compared to the previous level. When I logged into level08, I found a PCAP file in /home/flag08. I copied that file to my local machine and opened it using Wireshark. When I found that all the protocols in the captured packets were TCP, I ran a Follow TCP Stream inside Wireshark, which gave me something like this:
I tried to use "backdoor...00Rm8.ate" as the password for flag08, but it didn't work :-/ Then I opened up this link and found out that 0x7F means delete. So I deleted "oor" and "8" from "backdoor...00Rm8.ate" to get the actual password of the flag08 user -> "backd00Rmate". Then I logged in as the flag08 user as shown below and ran getflag!

level08@nebula:~$ ssh flag08@localhost

      _   __     __          __     
     / | / /__  / /_  __  __/ /___ _
    /  |/ / _ \/ __ \/ / / / / __ `/
   / /|  /  __/ /_/ / /_/ / / /_/ / 
  /_/ |_/\___/_.___/\__,_/_/\__,_/  

    exploit-exercises.com/nebula

For level descriptions, please see the above URL.

To log in, use the username of "levelXX" and password "levelXX", where
XX is the level number.

Currently there are 20 levels (00 - 19).

flag08@localhost's password: 
Welcome to Ubuntu 11.10 (GNU/Linux 3.0.0-12-generic i686)

 * Documentation:  https://help.ubuntu.com/
New release '12.04.1 LTS' available.
Run 'do-release-upgrade' to upgrade to it.
flag08@nebula:~$ id
uid=991(flag08) gid=991(flag08) groups=991(flag08)
flag08@nebula:~$ getflag 
You have successfully executed getflag on a target account
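
The manual step above (treating each 0x7F as a delete) can be replayed over the raw client bytes of the stream. This is an added example, not part of the original post. The byte string is constructed to match the "backdoor...00Rm8.ate" text quoted above, and the function names plus the handling of backspace and Ctrl-U are assumptions about default terminal line editing.

```python
# Added example: replay terminal line editing over captured keystroke bytes.
DEL, BS, KILL = 0x7F, 0x08, 0x15   # delete, backspace, Ctrl-U (assumed defaults)


def wireshark_ascii(raw: bytes) -> str:
    """Mimic the ASCII stream view: non-printable bytes are shown as '.'."""
    return "".join(chr(b) if 0x20 <= b < 0x7F else "." for b in raw)


def replay_keystrokes(raw: bytes) -> str:
    """Return the line the remote side received once edits are applied."""
    line = []
    for b in raw:
        if b in (DEL, BS):
            if line:                # deleting on an empty line is a no-op
                line.pop()
        elif b == KILL:
            line.clear()
        elif b in (0x0D, 0x0A):     # Enter ends the password entry
            break
        elif 0x20 <= b < 0x7F:
            line.append(chr(b))
        # any other control byte (e.g. NUL) is ignored
    return "".join(line)


# Constructed sample: the typed password with 0x7F where the view shows '.'
CAPTURED = b"backdoor\x7f\x7f\x7f00Rm8\x7fate"

if __name__ == "__main__":
    print("stream view :", wireshark_ascii(CAPTURED))
    print("as received :", replay_keystrokes(CAPTURED))
```

Working from the raw bytes (for example the stream's hex dump) matters because the ASCII view shows a literal "." and a 0x7F identically.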