On to Level 10 of the OverTheWire Natas wargame! This level is extremely similar to level 9, except that now they are implementing a basic filtering, to prevent you from entering certain characters that could cause changes in the execution of the program. However, their filter is flawed.
It starts out just like the last level, with a search dialog.
Again, as always, I review the code since it's available. You can see that it's using a "preg_match" to try to filter out bad characters. This however is flawed still. Instead of a blacklist, it should be a whitelist of only certain values.
Because I can't complete the command using a semicolon or ampersand, and start a new one, I instead go with the approach of having "grep" just return me the password file as well as the dictionary. I enter, '"$" /etc/natas_webpass/natas11', and it is fairly successful. The "$" tells grep to search for any line that contains a "end of line". Since pretty much every line will have that, it outputs the entire file. I then include the password file as well as the dictionary, so it reads me both back. This then provides the password to the next level.
Friday, November 9, 2012
OverTheWire Natas Level 10
Labels:
commandinjection
hacking
natas
overthewire
wargames
wargames
Author: Unknown
Waythemes is a blogger resources site is a provider of high quality blogger template with premium looking layout and robust design
Labels:
commandinjection,
hacking,
natas,
overthewire,
wargames
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment