• Go through the challenges at https://exploit-exercises.com/nebula/ From Sue about todays tutorial... CSC427 Tutorial 4 ? Challenges ALTHOUGH THE CAMPUS IS CLOSED TODAY, YOU CAN WORK ON THE CHALLENGE FROM HOME. You can download the VM we were going to work on from https://exploit-exercises.com/download/ Where it says Download exploit-exercises-nebula-5.iso from the Nebula Google Drive directory [drive.google.com]. I hope you have all made use of the free Vmware packages offered. create a new VM, Choose : Use an iso image and choose exploit-exercises-nebula-5.iso as the image Choose linux as the OS Name the VM nebula (or whatever you want Choose a disk size of approx 10G Customize hardware, and choose Host Only for the network card When you star the VM, choose the first setting: Live ? INTENDED OUTCOMES: https://exploit-exercises.com [exploit-exercises.com] states: Nebula covers a variety of simple and intermediate challenges that cover Linux privilege escalation, common scripting language issues, and file system race conditions. By the end of this tutorial you should be able to identify common errors in file permissions, and in scripting languages, and you should be able to exploit these to escalate privileges. In some of the challenges, you are trying to get privilege escalation. This would also be something you would be trying to do, if you were given a compromised computer, and you were trying to see what had been done to the computer. � As you go through the challenges, start writing or collecting useful scripts or commands. SUBMISSION: Please email Sue ( sue.mcglashan@utoronto.ca) with: The highest level you got to A short explanation (or just the command line) to explain how you ran getflag at each level. The challenges are described at: https://exploit-exercises.com/nebula/ [exploit-exercises.com] Hints: If you are stuck, there is very useful help at http://cybergibbons.com/uncategorized/nebula-exploit-exercises-walkthrough-level00 [cybergibbons.com]/ etc. If you use the help, please record which exercises you completed with help, and which you completed yourself. You should not need more than 5 minutes for each beginning exercise. If it is taking too long, and you cannot work out the solution, then the hint is useful ? but only if you actually complete each challenge.