This repository contains my solutions and detailed writeups for the Snow Crash project, an introductory cybersecurity challenge from the 42 curriculum.
The project consists of a series of 14 levels, each designed to teach a different security concept. The goal is to start as a low-privilege user (levelXX) and find a vulnerability to gain access to the corresponding high-privilege account (flagXX). Once access is gained, the getflag command reveals the token needed to access the next level.
The solutions for each level are organized into their own directories, as required by the project subject:
levelXX/flag: A file containing the token retrieved for that level.levelXX/resources/README.md: The detailed, step-by-step writeup explaining the vulnerability, the exploitation process, and the conclusion for that level.
Here is an overview of the concepts covered in each level. You can click the level number to go directly to the full writeup.
| Level | Core Concept / Vulnerability | Tools & Techniques Used |
|---|---|---|
| Level00 | Basic Cryptanalysis & Filesystem Exploration | find, ROT Cipher, C++ (Decryption) |
| Level01 | Legacy Password Cracking | DES crypt hash, /etc/passwd, Dictionary Attack, C++ (crypt()) |
| Level02 | Network Traffic Analysis | PCAP File, tshark, Hex/ASCII Decoding (Backspace), SCP, Vagrant |
| Level03 | Privilege Escalation (SUID) | SUID Binary, PATH Environment Variable Manipulation |
| Level04 | Web Command Injection | Perl CGI Script, Backtick (`) Injection, curl |
| Level05 | Cron Job Exploitation | Cron Task Analysis, Insecure Shell Script, /tmp Directory |
| Level06 | PHP Code Injection | preg_replace /e Modifier, String Interpolation (${...}), SUID Binary |
| Level07 | Environment Variable Injection | SUID Binary, getenv(), system() call, LOGNAME variable |
| Level08 | Path Traversal / Symlink Attack | SUID Binary, strstr Check Bypass, Symbolic Links (ln -s) |
| Level09 | Custom Cipher Reverse Engineering | Positional Cipher, Known-Plaintext Attack, C (Decryption) |
| Level10 | TOCTOU Race Condition | SUID Binary, access() vs open() Discrepancy, Symlink Swapping |
| Level11 | Network Service Command Injection | Lua Service, io.popen(), Command Injection, Reverse Shell, netcat |
| Level12 | Command Injection (Sanitization Bypass) | Perl CGI, Nested Backticks, Wildcard (*) Execution |
| Level13 | UID Check Bypass | SUID Binary, getuid() Check, Binary Analysis, Vagrant (User creation) |
| Level14 | Advanced Reverse Engineering | Anti-Debugging (ptrace), LD_PRELOAD Check, UID-based Auth |
snow-crash/
├── README.md
├── snow-crash.gif
└── level00-14/
├── flag # Retrieved token
└── resources/
├── README.md # Detailed writeup
└── [exploit files] # Scripts, code, tools
This repository is for educational purposes only, documenting my work on the 42 curriculum. These solutions are intended as a reference for students who have already completed or are actively working on the project.