The 6th level of the OverTheWire Natas wargame starts introducing us to PHP and server configuration issues.
It starts out with a secret password prompt.
I took a look at the sourcecode, via the link provided.
I decided I would try and see if I could request the "secret.inc" file, and it worked perfectly.
After I put in the secret value into the input box, it showed me the password for the next level.
This level teaches that files that contain secrets should never be publicly accessible. Either put them in server-side code so that they're not rendered, or put them out of the webroot.
Monday, November 5, 2012
OverTheWire Natas Level 6
Labels:
hacking
includes
natas
overthewire
wargames
linux linux linux
OverTheWire Monxla Part 3Nov 26, 2012
OverTheWire Monxla Part 2Nov 25, 2012
OverTheWire Monxla Part 1Nov 24, 2012
Author: Unknown
Waythemes is a blogger resources site is a provider of high quality blogger template with premium looking layout and robust design
Labels:
hacking,
includes,
natas,
overthewire,
wargames
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment