tag:blogger.com,1999:blog-3964361555410465200Sat, 29 Feb 2020 03:56:10 +0000Don't just scratch the surface of Information Security - Grab a shovel.http://security.nathanbowman.us/noreply@blogger.com (NB)Blogger5125tag:blogger.com,1999:blog-3964361555410465200.post-875505976343620204Sat, 01 Dec 2012 07:09:00 +00002012-12-01T02:16:30.348-05:00I decided to try my hand at a war game over at Exploit Exercises. I figured it was a good way to keep my mind sharp. Before reading my spoilers you should give them a try yourself. I was surprised how easy this level was. According to Exploit Exercises, Nebula Level03: "Check the home directory of flag03 and take note of the files there. There is a crontab that is called every couple of minuteshttp://security.nathanbowman.us/2012/12/exploitexercisecom-nebula-level03.htmlnoreply@blogger.com (NB)0tag:blogger.com,1999:blog-3964361555410465200.post-3213835329649764441Sun, 19 Aug 2012 17:11:00 +00002012-08-19T13:16:41.884-04:00I decided to try my hand at a war game over at Exploit Exercises. I figured it was a good way to keep my mind sharp. Before reading my spoilers you should give them a try yourself. Level02 is similar to Level01 in that it you don't need to know about C++ as much as you need to understand what is going on at the command line. You can see from the level02 code that it executes /bin/echo which http://security.nathanbowman.us/2012/08/exploitexercisecom-nebula-level02.htmlnoreply@blogger.com (NB)0tag:blogger.com,1999:blog-3964361555410465200.post-4886052044553362151Sat, 18 Aug 2012 06:56:00 +00002012-08-18T03:25:55.214-04:00I decided to try my hand at a war game over at Exploit Exercises. I figured it was a good way to keep my mind sharp. Before reading my spoilers you should give them a try yourself. With level01 you don't need to know about programing in C++ as much as you do about how Linux calls binary commands. So, read the blurb over at Wikipedia about the $PATH variable. The whole point in how the $PATH http://security.nathanbowman.us/2012/08/exploitexercisecom-nebula-level01.htmlnoreply@blogger.com (NB)0tag:blogger.com,1999:blog-3964361555410465200.post-8457969763870284511Mon, 13 Aug 2012 22:39:00 +00002012-12-01T02:39:29.120-05:00I decided to try my hand at a war game over at Exploit Exercises. I figured it was a good way to keep my mind sharp. Before reading my spoilers you should give them a try yourself. Level00 wants you to find a Set User ID program that is hidden in the filesystem. Level00 says that the SUID program runs as user 'flag00'. The linux command find works really well for this task. The level00 http://security.nathanbowman.us/2012/08/exploitexercisecom-nebula-level00.htmlnoreply@blogger.com (NB)1tag:blogger.com,1999:blog-3964361555410465200.post-7695443809596580230Fri, 27 Apr 2012 13:50:00 +00002012-08-23T09:53:42.432-04:00 The Dream Not long ago I was doing some research on the topic of brute forcing passwords. I was considering setting up a GPU farm to host a password cracking service.  Basically, people would submit password hashes and I would crack them.  For a price obviously. I envisioned making millions and getting government contracts. Unfortunately I didn't get past the research and planning http://security.nathanbowman.us/2012/04/the-brute-force-misconception.htmlnoreply@blogger.com (NB)0