Security - Pentest - Part I - Break the Box Snowcrash

This virtual machine is provided by school 42 to improve security skills.

🔧 System Requirements:

• Operating System: x86-64 architecture
• Software: Virtualization Software, Wireshark, John the Ripper, wget (or similar)

Usage

• To download Snowcrash.iso

  wget https://cdn.intra.42.fr/isos/SnowCrash.iso

• Use a 64-bit virtual machine to run this iso.
• SSH Port: 4242

  ssh -p 4242 levelXX@<ip>

Overview

Contrary to general practice in CTF challenges, a detailed walkthrough to solve the challenge in interactive mode is provided in each level directory. The Goal is simple :

• Get the flagXX's password.
• Login to the flagXX's account.
• Run getflag command to get the next levelXX's account.
• Login to the next levelXX's account.
• To begin, the first user is level00 and its password is level00

level00@SnowCrash:~$ su flag00
Password:
Dont forget to launch getflag !
flag00@SnowCrash:~$ getflag
Check flag.Here is your token : ?????????????????
flag00@SnowCrash:~$ su level01
Password:
level01@SnowCrash:~$ _

Note that exploiting certain vulnerabilities will directly give you the password for the next level. So you just need to login using su levelXX

Summary

• level00 : Reverse hash
• level01 : /etc/passwd attack - Hash - John The Ripper
• level02 : Analyse TCP - file pcap - Wireshark
• level03 : PATH abuse attack
• level04 : Command injection - Exploit perl scipt
• level05 : Crontab privilege escalation
• level06 : Command injection - Exploit php script
• level07 : Environnement variable command injection
• level08 : Bypass privilege using symbolic link
• level09 : Reverse hash
• level10 : Race condition - Exploit access command vulnerability
• level11 : Command injection - Exploit lua script
• level12 : Command injection - Exploit perl script
• level13 : Reverse engineering using GDB
• level14 : Reverse engineering using GDB

The levelXX's password is stocked in file flag of level<XX - 1>, if you want to connect directly in a level.