root
/
public
mirror of https://github.com/01-edu/public.git
8
9
Fork 0
Code Issues 2 Projects Releases Wiki Activity

Compare commits

compare.compare_base: root:1b66d61591890b1bc2983beff75c236fcb1e0eff
Branches Tags
root:1124-swap-args-test
root:1148-concat-2-arguments
root:1153-word-abbreviate
root:1155-to-camelcase
root:1164-findmissingnumber
root:1258-canyoucount
root:1266-ascii
root:CON-1801-MARKDOWN-Remove-VirtualBox-restriction-from-projects-with-generic-.iso-VM-images
root:CON-1805-drawing-raid-for-Java-piscine
root:CON-1836-MARKDOWN-Fix-virtualisation-linux-project
root:CON-1843-Fix-virtualization-Connect-project
root:CON-1857-Fix-virtualisation-for-the-remote-project
root:CON-1929-Wrong-id-in-audit-atm-management-system
root:CON-1940-update-tests-of-quest-6-RegexReplace-exercise-and-fix-minor-issue-in-the-subject
root:CON-1994-Update-subjects-with-rand-crate-dependency
root:CON-2175-Markdown-create-subject-for-Freeze-exercise
root:CON-2176-Tests-create-test-for-freeze-exercise
root:CON-2195-Markdown-create-subject-for-jabs-subject
root:CON-2196-Tests-create-test-for-jabs-subject
root:CON-2198-MARKDOWN-create-subject-of-more-exercise
root:CON-2199-TESTS-create-test-of-more-exercise
root:CON-2209-MARKDOWN-create-subject-for-less-exercise
root:CON-2210-TESTS-add-test-of-less-exercise
root:CON-2212-MARKDOWN-add-subject-for-add-exercise
root:CON-2213-TESTS-add-test-for-add-exercise
root:CON-2229-MARKDOWN-create-suffix-subject
root:CON-2232-MARKDOWN-create-wave-subject
root:CON-2233-TESTS-create-wave-test
root:CON-2238-MARKDOWN-add-subject-of-sub-exercise
root:CON-2239-TESTS-add-test-of-sub-exercise
root:CON-2241-MARKDOWN-create-vowelSign-subject
root:CON-2242-TESTS-create-vowelSign-tests
root:CON-2244-MARKDOWN-create-splitStringIntoPairs-Subject
root:CON-2245-TEST-create-splitStringIntoPairs-tests
root:CON-2247-MARKDOWN-create-subject-of-sortBydir
root:CON-2248-TESTS-create-Tests-of-sortBydir
root:CON-2250-MARKDOWN-create-oneMatch-Subject
root:CON-2253-MARKDOWN-create-asterisksfirst-subject
root:CON-2254-MARKDOWN-create-numberOfLetters-subject
root:CON-2277-add-subject-and-audit-for-play-with-containers-py
root:CON-2280-add-subject-and-audit-for-orchestrator-py
root:CON-2520-checkpoints-group-1
root:CON-2529-Markdown-Doop-exercise
root:CON-2565-Markdown-Palindrom-exercise
root:CON-2626-exercise-findspairs-readme
root:CON-2641-new-exercise-canjump-readme
root:CON-2660-update-gcd-subject
root:CON-2684-update-mock-server-for-stock-market
root:CON-697-Singleton
root:CON-878-setup-exercise
root:DEV-3198-new-go-exercise-get-digit-len
root:DEV-3202-new-go-exercicse-be-zero
root:DEV-3241-DEV-3242-corewar
root:DEV-3376-pointers-drop-the-thread-multiple-issues
root:DEV-3377-new-go-exercise-swap-first
root:DEV-3378-new-go-exercise-year-quarter
root:DEV-3409-new-go-exercise-print-if
root:DEV-3932-lamp-in-the-dark
root:DEV-3972-prepare-blockchain-branch-subjects
root:DEV-4049-remove-alcohol-terminology
root:DEV-4191-DeepInSystem
root:DEV-4199-make-test-environment-compatible-with-python-exercises
root:DEV-4397-piscine-ai-missing-file-for-ex-7-of-nlp
root:DEV-4415-crud-master-api-definition
root:DEV-4541-Go-go-reloaded-synchronous-project-reveiw
root:DEV-4741-bug-scripting-piscine-quest-4-division
root:DEV-4914-Release-User-Experience-Content
root:content-update
root:count-character
root:dependabot/pip/subjects/mobile-dev/stock-market/resources/mock-stock-data-server/jinja2-3.1.4
root:dependabot/pip/subjects/mobile-dev/stock-market/resources/mock-stock-data-server/werkzeug-3.0.3
root:fixDevirged
root:is-negative
root:master
root:revert-2104-CON-1813-MARKDOWN-chaikin-raid-for-java-piscine
root:subject-issamestring
root:update-quest-08-exercises-description-c-150
root:vo
...
compare.compare_head: root:0830838bfe0c19f78d8f39f802b82ac45c34e018
Branches Tags
root:1124-swap-args-test
root:1148-concat-2-arguments
root:1153-word-abbreviate
root:1155-to-camelcase
root:1164-findmissingnumber
root:1258-canyoucount
root:1266-ascii
root:CON-1801-MARKDOWN-Remove-VirtualBox-restriction-from-projects-with-generic-.iso-VM-images
root:CON-1805-drawing-raid-for-Java-piscine
root:CON-1836-MARKDOWN-Fix-virtualisation-linux-project
root:CON-1843-Fix-virtualization-Connect-project
root:CON-1857-Fix-virtualisation-for-the-remote-project
root:CON-1929-Wrong-id-in-audit-atm-management-system
root:CON-1940-update-tests-of-quest-6-RegexReplace-exercise-and-fix-minor-issue-in-the-subject
root:CON-1994-Update-subjects-with-rand-crate-dependency
root:CON-2175-Markdown-create-subject-for-Freeze-exercise
root:CON-2176-Tests-create-test-for-freeze-exercise
root:CON-2195-Markdown-create-subject-for-jabs-subject
root:CON-2196-Tests-create-test-for-jabs-subject
root:CON-2198-MARKDOWN-create-subject-of-more-exercise
root:CON-2199-TESTS-create-test-of-more-exercise
root:CON-2209-MARKDOWN-create-subject-for-less-exercise
root:CON-2210-TESTS-add-test-of-less-exercise
root:CON-2212-MARKDOWN-add-subject-for-add-exercise
root:CON-2213-TESTS-add-test-for-add-exercise
root:CON-2229-MARKDOWN-create-suffix-subject
root:CON-2232-MARKDOWN-create-wave-subject
root:CON-2233-TESTS-create-wave-test
root:CON-2238-MARKDOWN-add-subject-of-sub-exercise
root:CON-2239-TESTS-add-test-of-sub-exercise
root:CON-2241-MARKDOWN-create-vowelSign-subject
root:CON-2242-TESTS-create-vowelSign-tests
root:CON-2244-MARKDOWN-create-splitStringIntoPairs-Subject
root:CON-2245-TEST-create-splitStringIntoPairs-tests
root:CON-2247-MARKDOWN-create-subject-of-sortBydir
root:CON-2248-TESTS-create-Tests-of-sortBydir
root:CON-2250-MARKDOWN-create-oneMatch-Subject
root:CON-2253-MARKDOWN-create-asterisksfirst-subject
root:CON-2254-MARKDOWN-create-numberOfLetters-subject
root:CON-2277-add-subject-and-audit-for-play-with-containers-py
root:CON-2280-add-subject-and-audit-for-orchestrator-py
root:CON-2520-checkpoints-group-1
root:CON-2529-Markdown-Doop-exercise
root:CON-2565-Markdown-Palindrom-exercise
root:CON-2626-exercise-findspairs-readme
root:CON-2641-new-exercise-canjump-readme
root:CON-2660-update-gcd-subject
root:CON-2684-update-mock-server-for-stock-market
root:CON-697-Singleton
root:CON-878-setup-exercise
root:DEV-3198-new-go-exercise-get-digit-len
root:DEV-3202-new-go-exercicse-be-zero
root:DEV-3241-DEV-3242-corewar
root:DEV-3376-pointers-drop-the-thread-multiple-issues
root:DEV-3377-new-go-exercise-swap-first
root:DEV-3378-new-go-exercise-year-quarter
root:DEV-3409-new-go-exercise-print-if
root:DEV-3932-lamp-in-the-dark
root:DEV-3972-prepare-blockchain-branch-subjects
root:DEV-4049-remove-alcohol-terminology
root:DEV-4191-DeepInSystem
root:DEV-4199-make-test-environment-compatible-with-python-exercises
root:DEV-4397-piscine-ai-missing-file-for-ex-7-of-nlp
root:DEV-4415-crud-master-api-definition
root:DEV-4541-Go-go-reloaded-synchronous-project-reveiw
root:DEV-4741-bug-scripting-piscine-quest-4-division
root:DEV-4914-Release-User-Experience-Content
root:content-update
root:count-character
root:dependabot/pip/subjects/mobile-dev/stock-market/resources/mock-stock-data-server/jinja2-3.1.4
root:dependabot/pip/subjects/mobile-dev/stock-market/resources/mock-stock-data-server/werkzeug-3.0.3
root:fixDevirged
root:is-negative
root:master
root:revert-2104-CON-1813-MARKDOWN-chaikin-raid-for-java-piscine
root:subject-issamestring
root:update-quest-08-exercises-description-c-150
root:vo

4 Commits
1b66d61591 ... 0830838bfe

Author SHA1 Message Date
nprimo 0830838bfe docs(cybersecurity): add SHA1 for the newly added VM
2 weeks ago
nprimo 21fbea830d docs(cybersecurity): clarify that the extra VM provided are for Apple Silicon compatibility
2 weeks ago
nprimo 782f2c7dd6 docs(hole-in-bin): add UTM VM to the subject
2 weeks ago
nprimo 3baf13de6e docs(local): update subject adding utm VM link
2 weeks ago
4 changed files with 31 additions and 17 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats
  1. 7
      subjects/cybersecurity/hole-in-bin/README.md
  2. 16
      subjects/cybersecurity/hole-in-bin/audit/README.md
  3. 13
      subjects/cybersecurity/local/README.md
  4. 12
      subjects/cybersecurity/local/audit/README.md

7
subjects/cybersecurity/hole-in-bin/README.md
unescape_control_characters View File

@ -1,4 +1,4 @@
# Hole-In-Bin
## Hole-In-Bin
<center>
<img src="./pictures/meme.png?raw=true" style = "width: 600px !important; height: 737px !important;"/>
@ -10,9 +10,10 @@ This exercise is designed to test your skills and understanding of binary exploi
### Setup
1. Download the virtual machine image [hole-in-bin.ova](https://assets.01-edu.org/cybersecurity/hole-in-bin/hole-in-bin.ova). This image contains all the binaries you will need to exploit.
1. Download the virtual machine image [hole-in-bin.ova](https://assets.01-edu.org/cybersecurity/hole-in-bin/hole-in-bin.ova). For machine running with Apple Silicon CPU or ARM architecture (e.g. M1, M2 ...) use the following [hole-in-bin.utm.zip](https://assets.01-edu.org/cybersecurity/hole-in-bin/hole-in-bin.utm.zip). This image contains all the binaries you will need to exploit.
SHA1: 7db09b7a8fdfe25c286561dfa7ca5b50718bd60c
SHA1 for `hole-in-bin.ova`: 7db09b7a8fdfe25c286561dfa7ca5b50718bd60c
SHA1 for `hole-in-bin.utm.zip`: fc93533b2054d10d03b09d53c223e57bf7ac7b62
2. Load the virtual machine image into your virtualization software of choice (e.g., VirtualBox, VMWare).

16
subjects/cybersecurity/hole-in-bin/audit/README.md
unescape_control_characters View File

@ -7,11 +7,21 @@
###### Are all the required files present?
##### Setup the virtual machine:
##### Set up the virtual machine:
1. Download the virtual machine image [hole-in-bin.ova](https://assets.01-edu.org/cybersecurity/hole-in-bin/hole-in-bin.ova). This image contains all the binaries you will need for the audit.
1. Download the virtual machine image [hole-in-bin.ova](https://assets.01-edu.org/cybersecurity/hole-in-bin/hole-in-bin.ova).
For machine using Apple Silicon or equivalent get [hole-in-bin.utm.zip](https://assets.01-edu.org/cybersecurity/hole-in-bin/hole-in-bin.utm.zip).
This image contains all the binaries you will need for the audit.
SHA1: 7db09b7a8fdfe25c286561dfa7ca5b50718bd60c
SHA1 for `hole-in-bin.ova`: 7db09b7a8fdfe25c286561dfa7ca5b50718bd60c
SHA1 for `hole-in-bin.utm.zip`: fc93533b2054d10d03b09d53c223e57bf7ac7b62
> If it's already downloaded in the student machine, please check the SHA1 running the following command
```console
$ sha1sum <filename>
<SHA1>
```
2. Load the virtual machine image into your virtualization software of choice (e.g., VirtualBox, VMWare).

13
subjects/cybersecurity/local/README.md
unescape_control_characters View File

@ -1,4 +1,4 @@
# Local
## Local
### Guideline
@ -7,14 +7,15 @@ You have to install it locally in VirtualBox And then found a way to go inside i
There will be no visible IP address, you must find a way to get it.
You have to become root and get the flag.
- [01-Local1.ova](https://assets.01-edu.org/cybersecurity/local/01-Local.ova)
- SHA1: f3422f3364fd38e8183740f8f57fa951d3f6e0bf
- [01-Local1.ova](https://assets.01-edu.org/cybersecurity/local/01-Local.ova). For machine running with Apple Silicon CPU or ARM architecture (e.g. M1, M2 ...) use the following [01-Local1.utm.zip](https://assets.01-edu.org/cybersecurity/local/01-Local1.utm.zip)
SHA1 for `01-Local1.ova`: f3422f3364fd38e8183740f8f57fa951d3f6e0bf
SHA1 for `01-Local1.utm.zip`: d4a40ca50044778ddc01a57ac16382e4140000e0
- The modification in GRUB or in the VM to get the root access is forbidden!
### Advice
https://en.wikipedia.org/wiki/Privilege_escalation
Read about [privilege escalation](https://en.wikipedia.org/wiki/Privilege_escalation).
### Submission and audit
@ -22,8 +23,8 @@ https://en.wikipedia.org/wiki/Privilege_escalation
Files that must be inside your repository:
- a README.md file, Which explains all the steps you went through in order to reach root access.
- A README.md file, Which explains all the steps you went through in order to reach root access.
Don’t hesitate to double check the names of your folders and files to ensure they are correct!
Don’t hesitate to double-check the names of your folders and files to ensure they are correct!
> ⚠ These methods and tools are for educational purposes only, so that you have a better understanding of how to protect against similar vulnerabilities. You must ensure that you do not attempt any exploit-type activity without the explicit permission of the owner of the machine, system or application. Failure to obtain permission risks breaking the law.

12
subjects/cybersecurity/local/audit/README.md
unescape_control_characters View File

@ -12,17 +12,19 @@ Files that must be inside your repository:
###### Is the student able to explain clearly what Privilege Escalation means?
##### Install 01-Local1.ova in VirtualBox
##### Set up the virtual machine
Get [01-Local1.ova](https://assets.01-edu.org/cybersecurity/local/01-Local.ova)
Get [01-Local1.ova](https://assets.01-edu.org/cybersecurity/local/01-Local.ova).
For machine using Apple Silicon or equivalent get [01-Local1.utm.zip](https://assets.01-edu.org/cybersecurity/local/01-Local1.utm.zip).
The SHA1 is: f3422f3364fd38e8183740f8f57fa951d3f6e0bf
SHA1 for `01-Local1.ova`: f3422f3364fd38e8183740f8f57fa951d3f6e0bf
SHA1 for `01-Local1.utm.zip`: d4a40ca50044778ddc01a57ac16382e4140000e0
> If it's already downloaded in the student machine, please check the SHA1 running the following command
```console
$ sha1sum 01-Local1.ova
f3422f3364fd38e8183740f8f57fa951d3f6e0bf 01-Local1.ova
$ sha1sum <filename>
<SHA1>
```
###### Is the SHA1 the expected one?

Write Preview
Loading…
Cancel
Save