snow-crash

SnowCrash is a 42 project, and more specially : an ISO challenge. It introduces us to the basics of cybersecurity. The goal is to find the flag hidden in the system.

Each level is a user, and we have to search, exploit and escalate privileges to find the flag of the next level. We have to discover all the level user offers to us to beat it.

There is multiple language (C, ASM, php, perl, etc...) but the main language is bash. It's a good training to better understand this language. And with all of these languages, we have to develop our logic, thinking and knowledge of a system to finish this project.

It's very fun and interesting to do !

This README.md is write after having resolve all the levels with my BRO Noah. For each level documents the steps I took to solve the challenge, the tools I used, and even the mistakes I made. I aim to transcribe my logic, and my research.

Virtual Machine Setup

The subject give to us a pdf file with all rules of the project. And an image disk that we have to run with. Personally, I use qemu to run it. But you can use VirtualBox or VMware if you want.

You can view my script to run the virtual machine here.

Just after that, I can connect to my machine with the following command:

➜  ~ ssh level00@127.0.0.1 -p 4242

And for get the files from the virtual machine, I use scp:

➜  ~ scp -P 4242 level06@127.0.0.1:/home/user/level06/level06.php /Users/mayoub/Desktop

🚨 SPOILER ZONE 🚨

Summary (level00 to level09, we don't do the bonus levels) :

• level00 : Ceasar cipher
• level01 : John the Ripper
• level02 : TCP packet analysis with WireShark
• level03 : shell script injection with PATH
• level04 : shell script injection with uri parameter
• level05 : perl script exploitation
• level06 : regex manipulation
• level07 : environment variable injection
• level08 : binary exploitation with symbolic link
• level09 : rot encryption

MADE BY TWO REAL BROS :

Noah (noalexan)

Nimpô (mayoub)