Nebula is part of Exploit Exercises. It offers a variety of simple and intermediate challenges covering Linux privilege escalation, common scripting language issues, and file system race conditions.
This level requires you to find a Set User ID program that will run as the “flag00” account. You could also find this by carefully looking in top level directories in / for suspicious looking directories. Alternatively, look at the find man page.
In this first level, you have to find a file owned by flag00 with the suid bit set.
A single command can do the trick:
find / -user flag00 -perm /6000
Alternatively you can use -uid 999 (or -user 999, since -user also accepts a numeric id), where 999 is the user id of flag00, which can be found in
This outputs the same result:
find / -user 999 -perm -u+s
/bin/.../flag00 is the key.
When you run it, you become another user because of the suid bit.
Here is the POC:
The redirection is only used to avoid the errors triggered by the system when you try to read a forbidden directory.
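The two -perm forms used above are not equivalent: /6000 matches setuid or setgid, while -u+s matches setuid only. They agree on this level only because the target is setuid. The following is an added example, not part of the original write-up, that shows the difference on a constructed temporary tree; the function names and sample files are assumptions, and -perm /6000 requires GNU find.

```sh
#!/bin/sh
# Added example: audit special-permission files owned by one account.
# All paths below are constructed in a temporary directory.

# Files owned by $1 under $2 with setuid OR setgid set.
# "/6000" means "any of these bits": 4000 (setuid), 2000 (setgid).
# 2>/dev/null hides "Permission denied" noise from unreadable directories.
find_any_special() {
    find "$2" -type f -user "$1" -perm /6000 2>/dev/null | sort
}

# Files owned by $1 under $2 with the setuid bit set (setgid-only is skipped).
find_setuid_only() {
    find "$2" -type f -user "$1" -perm -u+s 2>/dev/null | sort
}

# Build a small sample tree and print its path.
make_sample_tree() {
    _d=$(mktemp -d) || return 1
    mkdir "$_d/.hidden"                  # dot-directory: ls hides it, find does not
    : > "$_d/plain"
    : > "$_d/.hidden/suid_tool"
    : > "$_d/sgid_tool"
    chmod 0755 "$_d/plain"
    chmod 4755 "$_d/.hidden/suid_tool"   # setuid
    chmod 2755 "$_d/sgid_tool"           # setgid only
    printf '%s\n' "$_d"
}

demo() {
    tree=$(make_sample_tree) || return 1
    owner=$(id -u)                       # numeric id, accepted by -user
    echo "-perm /6000 (setuid OR setgid):"
    find_any_special "$owner" "$tree"
    echo "-perm -u+s (setuid only):"
    find_setuid_only "$owner" "$tree"
    rm -rf "$tree"
}

demo
```

Pointing the same functions at / with a service account's id gives a baseline of that account's setuid and setgid files to compare against after changes.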