April 16, 2012

This Thursday's Talk and Demo: An Introduction to Exploitation

I am giving a talk on some basic to more advanced topics about exploiting different vulnerabilities in Linux systems. As a guide, I will be using all 20 levels of the Nebula VM, solving and discussing the levels one by one.
 
The Nebula VM can be obtained from http://exploit-exercises.com/download and according to the level designers:

Nebula covers a variety of simple and intermediate challenges that cover Linux privilege escalation, common scripting language issues, and file system race conditions.

Nebula is an ideal place to get started for people new to Linux exploitation.

At the end of Nebula, the user will have a reasonably thorough understanding of local attacks against Linux systems, and a cursory look at some of the remote attacks that are possible.

I will be talking about relevant areas and subjects that you have to know before approaching each level and I will (somehow) expect everyone to be able to at least identify the attack vector for each level after each talk. In general we are going to cover these topics and possibly more:
  • SUID files
  • Permissions
  • Race conditions
  • Shell meta-variables
  • $PATH weaknesses
  • Scripting language weaknesses
  • Binary compilation failures
As a starting point, please download the Nebula VM and familiarize yourself with the challenges available here: http://exploit-exercises.com/nebula
I'd also recommend bringing your laptop with the VM on it so you can work on each level as we progress through the talk.
 
The talk is at 7pm, but I'm pretty much free the whole evening, so that can be changed if another hour would work better for everyone!
Hopefully we will solve all the levels if time permits, or we can talk about a topic in depth if everyone's interested!
 
--
Farzad E.