</pwntester>

Nebula level03 write-up

@pwntester · Nov 20, 2013 · 1 min read

In Level03 we are said that the program on /flag03 is run by cron every X minutes. If we have a look at the code we can see that it will execute the files in the writable.d directory and then remove them: level03@nebula:/home/flag03$ cat writable.sh #!/bin/sh for i in /home/flag03/writable.d/* ; do (ulimit -t 5; bash -x "$i") rm -f "$i" done Ok, so whatever we put in writable.d will be execute by someone else … but who?