graugans

#
# Automatically generated file; DO NOT EDIT.
# Linux/arm 3.10.61 Kernel Configuration
#
CONFIG_ARM=y
CONFIG_SYS_SUPPORTS_APM_EMULATION=y
CONFIG_HAVE_PROC_CPU=y
CONFIG_STACKTRACE_SUPPORT=y
CONFIG_LOCKDEP_SUPPORT=y
CONFIG_TRACE_IRQFLAGS_SUPPORT=y

graugans

BUFFALO U-BOOT Ver 1.00
AP93 (ar7240) U-boot

sri
=====================================================================================================================================
  TAP CALC (read_cnt=512)
----+--------------------------------------------------------------------------------------------------------------------------------
TAP |   0   1   2   3   4   5   6   7   8   9  10  11  12  13  14  15  16  17  18  19  20  21  22  23  24  25  26  27  28  29  30  31
----+--------------------------------------------------------------------------------------------------------------------------------
FAIL|   0   0   0   0   0   0   0   0   0   0   0   0   0   0   0   0   0 512 512 512 512 512 512 512 512 512 512 512 512 512 512 512

graugans

MACHINE ??= 'udooqdl'
DISTRO ?= 'poky'
PACKAGE_CLASSES ?= "package_ipk"
EXTRA_IMAGE_FEATURES = "debug-tweaks"
DISTRO_FEATURES_remove = "x11 wayland"
USER_CLASSES ?= "buildstats image-mklibs"
PATCHRESOLVE = "noop"
BB_DISKMON_DIRS = "\
    STOPTASKS,${TMPDIR},1G,100K \
    STOPTASKS,${DL_DIR},1G,100K \

graugans

LCONF_VERSION = "6"

BBPATH = "${TOPDIR}"
BSPDIR := "${@os.path.abspath(os.path.dirname(d.getVar('FILE', True)) + '/../..')}"

BBFILES ?= ""
BBLAYERS = " \
  ${BSPDIR}/sources/poky/meta \
  ${BSPDIR}/sources/poky/meta-yocto \
  \

graugans

#!/bin/bash

if ! mount|grep -sq '/sys/kernel/debug'; then
        mount -t debugfs none /sys/kernel/debug
fi

saved_path=$PWD

printf "%-24s %-24s %8s %6s %6s %9s\n" "clock" "parent" "flags" "en_cnt" "pre_cnt" "rate"

graugans

/*
 * Copyright (C) 2016 Love Park Robotics, LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software

graugans

#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <sys/types.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/mman.h>

/*
 * Return a random, non predictable file, and return the file descriptor for it.

graugans

How I solved Nebula Level 11

The last few days I solved the first levels of Nebula. Nebula is an exploit exercise which consists of twenty levels. The level zero to eight where no real trouble. The level09 drove me crazy. I never wrote serious php code so I was not able to solve the string injection without cheating. For [level10] I gave up a bit too early as-well, after the first hint about TOCTOU (time-of-use to time-of-check) made me solve this with two simple bash scripts.

For the Level 11 flag cheating was no option for me. This walk through describes how I did solve this exercise. The description of this exercise states the following:

The /home/flag11/flag11 binary processes standard input and executes a shell command.  There are two ways of completing this level, you may wish to do both :-) To do this level, log in as the level11 account with th

graugans

How to solve Nebula 12

This excercise is pretty easy. The password hash is calculated by passing a user controlled string to sha1sum

prog = io.popen("echo "..password.." | sha1sum", "r")

So let's inject some remote shell spawning code.

graugans

#!/usr/bin/env ruby

res = "857:g67?5ABBo:BtDA?tIvLDKL{MQPSRQWW."
dum = 0
res.each_char do |x|
	print (x.ord() -dum).chr
	dum +=1
end