{"id":20802633,"url":"https://github.com/andreiglesias/snow-crash","last_synced_at":"2025-05-07T22:41:30.263Z","repository":{"id":83157462,"uuid":"603111307","full_name":"AndreIglesias/snow-crash","owner":"AndreIglesias","description":"Cybersecurity challenge series to develop skills in penetration testing, reverse engineering, and exploit development.","archived":false,"fork":false,"pushed_at":"2024-04-13T00:50:39.000Z","size":5005,"stargazers_count":3,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-03-31T14:59:11.748Z","etag":null,"topics":["ctf","ctf-writeups","cybersecurity","exploit","pentesting","reverse-engineering"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/AndreIglesias.png","metadata":{"files":{"readme":"docs/README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-02-17T16:33:34.000Z","updated_at":"2024-04-13T00:50:20.000Z","dependencies_parsed_at":null,"dependency_job_id":"322740f2-aecd-4482-a6d3-eba6ffd81521","html_url":"https://github.com/AndreIglesias/snow-crash","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AndreIglesias%2Fsnow-crash","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AndreIglesias%2Fsnow-crash/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AndreIglesias%2Fsnow-crash/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/AndreIglesias%2Fsnow-crash/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/AndreIglesias","download_url":"https://codeload.github.com/AndreIglesias/snow-crash/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252967971,"owners_count":21833244,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ctf","ctf-writeups","cybersecurity","exploit","pentesting","reverse-engineering"],"created_at":"2024-11-17T18:33:52.796Z","updated_at":"2025-05-07T22:41:30.243Z","avatar_url":"https://github.com/AndreIglesias.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# SnowCrash\nWelcome to SnowCrash, a cybersecurity challenge series designed to develop skills in penetration testing, reverse engineering, and exploit development. In SnowCrash, you'll encounter various security vulnerabilities found in real-world scenarios, ranging from weak password storage mechanisms to web application vulnerabilities and beyond.\n\n\n```\n\t   _____                      _____               _\n\t  / ____|                    / ____|             | |\n\t | (___  _ __   _____      _| |     _ __ __ _ ___| |__\n\t  \\___ \\| '_ \\ / _ \\ \\ /\\ / / |    | '__/ _` / __| '_ \\\n\t  ____) | | | | (_) \\ V  V /| |____| | | (_| \\__ \\ | | |\n\t |_____/|_| |_|\\___/ \\_/\\_/  \\_____|_|  \\__,_|___/_| |_|\n\n```\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"https://github.com/AndreIglesias/snow-crash/assets/35022933/f08de1fd-7860-4727-844a-580183d73be1\" width=\"20%\"/\u003e \n  \u003cimg src=\"https://github.com/AndreIglesias/snow-crash/assets/35022933/4861045f-fc69-4a3d-9708-496c341df7bd\" width=\"40%\"/\u003e\n\u003c/p\u003e\n\n## Technical Focus\n\nSnowCrash covers a broad spectrum of cybersecurity areas, including:\n\n- **Cryptography**: Decrypting passwords and deciphering substitution ciphers.\n- **Network Security**: Analyzing network traffic using packet capture tools like `tshark`.\n- **Web Application Security**: Exploiting web server vulnerabilities to execute arbitrary commands.\n- **Binary Exploitation**: Reverse engineering and exploiting compiled executables to bypass access controls and execute unauthorized commands.\n- **Scripting and Automation**: Crafting scripts in languages like Bash and PHP to automate exploit steps and retrieve flags.\n- **Security Tools**: Utilizing penetration testing tools like **John the Ripper** for password cracking and **curl** for web exploitation.\n\n## Exploit Methodologies\n\nEach level in SnowCrash presents a unique challenge requiring you to employ various exploit methodologies, including:\n\n- **Password Cracking**: Using brute-force or dictionary attacks to crack weak passwords.\n- **Command Injection**: Injecting malicious commands into vulnerable applications to execute unauthorized actions.\n- **Symbolic Link Attacks**: Exploiting symbolic links to bypass file access restrictions.\n- **Hexadecimal Manipulation**: Decoding and manipulating hexadecimal data to retrieve sensitive information.\n\n## Challenge Structure\n\nExplore the directories for each level to find detailed READMEs and scripts providing step-by-step instructions on how to exploit the vulnerabilities and retrieve the flags.\n\n## ssh connection\nTo connect through SSH to a level, run the ssh command with the *level number* and *ip address* as parameters.\n\n### Examples\n```bash\nssh level00@localhost -p 4242\n```\n## Run\nTo run the script in `levelXX/resources/` that will give you the flag, you have to change the IP address and port in the Dockerfile to be able to connect with ssh inside the running script:\n```bash\nCMD [\"./flag00.sh\", \"192.168.122.1\", \"4243\"]\n```\nThen to run the Dockerfile (that will run the flag.sh inside a container) you can do:\n```bash\n./run.sh\n# or\ndocker build --progress=plain -t flag00-cont . \u0026\u0026 docker run --network host -it flag00-cont\n```\n\n## levelX\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"https://github.com/AndreIglesias/snow-crash/assets/35022933/66b52885-836c-4916-aac2-d607c98e5454\"/\u003e \n\u003c/p\u003e\n\nYou can hack the entire machine with [CVE-2016-5195](https://github.com/dirtycow/dirtycow.github.io/wiki/VulnerabilityDetails) (Dirty COW). This is a privilege escalation vulnerability in the Linux Kernel that will allows us to create a privileged user that we can use to access to every *flag user* and obtain every flag.\n\n## From root user\n```bash\nfor i in {0..14}; do usr=$(printf \"flag%0.2d\\n\" $i); echo -n \"$usr: \"; su $usr -c \"/bin/getflag\"; done\nflag00: Check flag.Here is your token : x24ti5gi3x0ol2eh4esiuxias\nflag01: Check flag.Here is your token : f2av5il02puano7naaf6adaaf\nflag02: Check flag.Here is your token : kooda2puivaav1idi4f57q8iq\nflag03: Check flag.Here is your token : qi0maab88jeaj46qoumi7maus\nflag04: Check flag.Here is your token : ne2searoevaevoem4ov4ar8ap\nflag05: Check flag.Here is your token : viuaaale9huek52boumoomioc\nflag06: Check flag.Here is your token : wiok45aaoguiboiki2tuin6ub\nflag07: Check flag.Here is your token : fiumuikeil55xe9cu4dood66h\nflag08: Check flag.Here is your token : 25749xKZ8L7DkSCwJkT9dyv6f\nflag09: Check flag.Here is your token : s5cAJpM8ev6XHw998pRWG728z\nflag10: Check flag.Here is your token : feulo4b72j7edeahuete3no7c\nflag11: Check flag.Here is your token : fa6v5ateaw21peobuub8ipe6s\nflag12: Check flag.Here is your token : g1qKMiRpXf53AWhDaU7FEkczr\nflag13: Check flag.Here is your token : 2A31L79asukciNyi8uppkEuSx\nflag14: Check flag.Here is your token : 7QiHafiNa3HVozsaXkawuYrTstxbpABHD8CPnHJ\n```\n\n![Note](note.png)\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fandreiglesias%2Fsnow-crash","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fandreiglesias%2Fsnow-crash","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fandreiglesias%2Fsnow-crash/lists"}