/42-Boot2Root

Information security challenge, taking advantage of a vulnerable ISO and its systems to become root.

Primary LanguageCMIT LicenseMIT

42-Boot2Root

This project is a small information security challenge. The goal is to exploit whatever is on the machine to become root. The only rule is not to bruteforce password.

We're given a vulnerable ISO on which several program are running. Using known vulnerabilities and reverse engineering we can access ressources that aren't meant to be and make our way through different services.

Breakdown

Writeup Ressources Exploits
1 nmap | dirb | sshd configuration | file | ftp | Hopper | gdb | Bitwise operations | turtle | md5sum | EIP register | ESP register | ASLR | Endianness Webshell upload | Buffer overflow | ret2libc attack
2 syslinux | file | init Init override in recovery mode
3 mount | casper | squashfs files | unsquashfs Dig through squashfs file
4 Shell-storm | NOP instruction Shellcode injection | NOPSlide
5 httpd | ExploitDB suEXEC information disclosure
6 ExploitDB Race condition | Dirty cow

Credits

Made in collaboration with @thervieu.