Fusion is the next step from the Protostar setup, and covers more advanced styles of exploitation and a variety of anti-exploitation mechanisms such as:
+ Address Space Layout Randomisation
+ Position Independent Executables
+ Non-executable Memory
+ Source Code Fortification (-D_FORTIFY_SOURCE=)
+ Stack Smashing Protection (ProPolice / SSP)
In addition to the above, there are a variety of other challenges and things to explore, such as:
+ Cryptographic issues
+ Timing attacks
+ Variety of network protocols (such as Protocol Buffers and Sun RPC)
At the end of Fusion, the participant will have a thorough understanding of exploit prevention strategies, associated weaknesses, various cryptographic weaknesses, and numerous heap implementations.
Have a look at the levels available on the side bar, and pick which ones interest you the most. If in doubt, begin at the start. You can log into the virtual machine with the username of "fusion" (without quotes), and password "godmode" (again, without quotes).
To get root for debugging purposes, do "sudo -s" with the password of "godmode".
Nebula takes the participant through a variety of common (and less than common) weaknesses and vulnerabilities in Linux. It takes a look at:
+ SUID files
+ Race conditions
+ Shell meta-variables
+ $PATH weaknesses
+ Scripting language weaknesses
+ Binary compilation failures
At the end of Nebula, the user will have a reasonably thorough understanding of local attacks against Linux systems, and a cursory look at some of the remote attacks that are possible.
Have a look at the levels available on the side bar, and log into the virtual machine as the username "levelXX" with a password of "levelXX" (without quotes), where XX is the level number.
Some levels can be done purely remotely.
In case you need root access to change stuff (such as key mappings, etc), you can do the following:
Log in as the "nebula" user account with the password "nebula" (both without quotes), followed by "sudo -s" with the password "nebula". You'll then have root privileges in order to change whatever needs to be changed.
The links below are community submitted 'solutions' showing hints/nudges or possibly a complete walkthrough* of how they solved the puzzle.
Please note, there could be (many) more methods of completing this; they just haven't been either discovered or submitted. If you know something that isn't listed, please submit it or get in touch and we would be glad to add it.
* This is a spoiler. It could possibly show you a way of completely solving it.
Here you can download the mentioned files using various methods.
We have listed the original source, from the author's page. However, after time these links 'break', for example: either the files are moved, they have reached their maximum bandwidth limit, or, their hosting/domain has expired.
For these reasons, we have been in touch with each author asking for permission to mirror the files. If the author has agreed, we have created mirrors. These are untouched copies of the listed files. (You can check for yourself via the MD5 & SHA1 checksums which are individually displayed on their entry page. See how here).
We also offer the download via BitTorrent. We prefer that people use BitTorrent, however, we do understand that it is not as straightforward as clicking on a direct link.
To make sure everyone using VulnHub has the best experience possible using the site, we have had to limit the amount of simultaneous direct download files to two files, with a max speed of 3mb.
This is because the average file size is currently about 700mb, which causes our bandwidth to be high (couple of terabytes each month!). As this is a privately funded project, we believe we have chosen the best hosting provider for the limited budget.
If you would like to be able to download en masse, and at a quicker speed, please use torrents as these will be seeded 24/7. For a guide on how to set up and use torrents, see here.
If you're the owner of a listed file or believe that we are unlawfully distributing files without permission, please get in touch here.