Nebula takes the participant through a variety of common (and less than common) weaknesses and vulnerabilities in Linux. It takes a look at

  • SUID files
  • Permissions
  • Race conditions
  • Shell meta-variables
  • $PATH weaknesses
  • Scripting language weaknesses
  • Binary compilation failures

At the end of Nebula, the user will have a reasonably thorough understanding of local attacks against Linux systems, and a cursory look at some of the remote attacks that are possible.


Downloads are available from the downloads page.

Getting started

Have a look at the levels available on the side bar, and log into the virtual machine as the username “levelXX” with a password of “levelXX” (without quotes), where XX is the level number. Some levels can be done purely remotely.

Getting root

In case you need root access to change stuff (such as key mappings, etc), you can do the following:

Log in as the “nebula” user account with the password “nebula” (both without quotes), followed by “sudo -s” with the password “nebula”. You’ll then have root privileges in order to change whatever needs to be changed.


Fusion is the next step from the protostar setup, and covers more advanced styles of exploitation, and covers a variety of anti-exploitation mechanisms such as:

  • Address Space Layout Randomisation
  • Position Independent Executables
  • Non-executable Memory
  • Source Code Fortification (_DFORTIFY_SOURCE=)
  • Stack Smashing Protection (ProPolice / SSP)

In addition to the above, there are a variety of other challenges and things to explore, such as:

  • Cryptographic issues
  • Timing attacks
  • Variety of network protocols (such as Protocol Buffers and Sun RPC)

At the end of Fusion, the participant will have a through understanding of exploit prevention strategies, associated weaknesses, various cryptographic weaknesses, numerous heap implementations.


You may download Fusion from the downloads page.

Getting started

Have a look at the levels available on the side bar, and pick which ones interest you the most. If in doubt, begin at the start. You can log into the virtual machine with the username of fusion and password godmode

To get root for debugging purposes, do sudo -s with the password of godmode