Nebula exploit exercises walkthrough – level04

This level requires you to read the token file, but the code restricts the files that can be read. Find a way to bypass it 🙂

This program looks like it will read the file passed to it by the first argument. Let’s test that out:

Everything as expected then. The problem is that it explicitly forbids opening of files called token. How can we get round this?

Symbolic links to the rescue again!

Just create a symbolic link to a name that doesn’t match “token”.

So what is this long string? Seems sensible to try and login to the flag04 account with it:

Leave a Reply

Your email will not be published. Name and Email fields are required.