[Level05] instructs us to “Check the flag05 home directory. You are looking for weak directory permissions”

Hi All,

The details page for Level03 contains a hint directing us to the home directory of flag03. After navigating to the target home directory and listing out the files, I was presented with a shell script called writable.sh and a directory called writable.d.

Level04 was one of my favorite challenges out of the entire series. The post below documents my solution.

The next level, Level01, provides some C code for the user to evaluate. The code contains a vulnerability that allows arbitrary programs to be executed. This post will outline the steps I took to solve the challenge.

Level02 instructs us to review some vulnerable C code and locate the attack vector. This program addresses the vulnerability from the previous level but a new vector is available.

After completing some of my certifications, I decided to get back to some of the challenges and coding practice. My good friend Kristian suggested the war games over at Exploit Exercises. Starting with Nebula, I will outline some walkthroughs of my solutions to the levels (00-19). I will split each level into a separate post in order to not spoil any of the challenges for someone just looking for a hint on a single level.

It was a long ride, but I finally finished my OSCP certification by completing the lab portion and passing the practical exam. I learned so much during the course and earned what I feel is a cert worth its weight in gold. As I have mentioned in previous blog posts, I take pride in guiding my professional development and I felt that taking a hands-on penetration testing course would be a great challenge and learning experience. This post summarizes my thoughts on the entire course and process.

It has been quite a while since I have posted over at IntricateDefense and although I was very busy, I decided that Blogger just wasn’t suitable for the type of content I want to share. After some searching and checking in on my buddy Jordan Wright, I decided on Octopress! For those of you who don’t know what Octopress is, you can check out (http://octopress.org/) – there is some fantastic documentation about the blogging framework.

One of the most frequently asked questions I receive from individuals looking to enter the Information Security field is: “Should I pursue certifications?”