Exploit exercises is a collection of small, free and fun challenges that’ll help you get started with finding, exploiting and fixing common security vulnerabilites.

exploit-exercises.com provides a variety of virtual machines, documentation and challenges that can be used to learn about a variety of computer security issues such as privilege escalation, vulnerability analysis, exploit development, debugging, reverse engineering, and general cyber security issues.

Even though some of the exercises are a bit dated, it can still be a useful resource to get you familiar with both the toolset and the mindset required to find and fix vulnerabilites!

Getting started

Prerequisites:

  • A VM hypervisor (I’ll use Virtualbox)
  • Kali linux (not strictly necessary, but useful!)
  • Patience

Your first step is choosing a challenge. For these posts, as the title has already told you, I’ll go with the Nebula challange. It’s described as such:

Nebula covers a variety of simple and intermediate challenges that cover Linux privilege escalation, common scripting language issues, and file system race conditions. Nebula is an ideal place to get started for people new to Linux exploitation.

Sounds good? Okay, let’s get going! Download the .iso file, set up a new VM and start it up!

login

You can login using the nebula account if you need root access to be able to change settings such as keymaps (that is, if you are content with using the hypervisor console). I’ll be using SSH access for the duration of this series.

username: nebula
password: nebula

I recommend using SSH to access the levels. So get the ip address:

ip

And login:

[ivar@mbp ~]$ ssh nebula@192.168.1.64

      _   __     __          __
     / | / /__  / /_  __  __/ /___ _
    /  |/ / _ \/ __ \/ / / / / __ `/
   / /|  /  __/ /_/ / /_/ / / /_/ /
  /_/ |_/\___/_.___/\__,_/_/\__,_/

    exploit-exercises.com/nebula


For level descriptions, please see the above URL.

To log in, use the username of "levelXX" and password "levelXX", where
XX is the level number.

Currently there are 20 levels (00 - 19).


nebula@192.168.1.64's password:
Welcome to Ubuntu 11.10 (GNU/Linux 3.0.0-12-generic i686)

 * Documentation:  https://help.ubuntu.com/
New release '12.04 LTS' available.
Run 'do-release-upgrade' to upgrade to it.

nebula@nebula:~$