Monday, November 5, 2012

Home hacking includes natas overthewire wargames OverTheWire Natas Level 6

OverTheWire Natas Level 6

, , , ,
The 6th level of the OverTheWire Natas wargame starts introducing us to PHP and server configuration issues.

It starts out with a secret password prompt.
 I took a look at the sourcecode, via the link provided.
 I decided I would try and see if I could request the "secret.inc" file, and it worked perfectly.
 After I put in the secret value into the input box, it showed me the password for the next level.
This level teaches that files that contain secrets should never be publicly accessible.  Either put them in server-side code so that they're not rendered, or put them out of the webroot.
Labels:
Author Image

Author: Unknown
Waythemes is a blogger resources site is a provider of high quality blogger template with premium looking layout and robust design

Follow The Author
Posted by at
Labels: , , , ,

No comments:

Post a Comment

Popular

  • Exploit Exercises - Protostar Stack 5
    Wow, this challenge was a tough one for me. I ran into some huge problems that I had to work out. Considering this is a "standard buf...
  • Using .net to bypass AV
    Using .net to bypass AV
    I've read a ton of articles on bypassing Antivirus software when trying to run shellcode on machines. There's just a ton available....
  • Buffer Overflow in HexChat 2.9.4
    Buffer Overflow in HexChat 2.9.4
    A buddy of mine, Mulitia , and I were talking about 0-days, and he mentioned finding one in Hex-Chat, a popular IRC client. It was super low...
  • Exploit Exercises - Nebula 01
    Continuing from my previous post, I started tinkering with the next Nebula wargame: Nebula 01 .  This one gives you some C code, which has ...
  • Exploit Exercises - Nebula 02
    In this challenge, we're again provided with the source code to the vulnerable program. Only this time, they're not loading the ...
  • PWB Conclusions and the Future
    PWB Conclusions and the Future
    The results As I posted previously , I was taking the PWB course from Offensive Security . I am happy to report that I passed with ...
  • Sysax Multi Server 6.10 SSH DoS
    Sysax Multi Server 6.10 SSH DoS
    I was recently fuzzing a bunch of SSH servers, hoping to find some remote code execution in a non-mainstream server. I ended up finding no c...
  • Sysax 5.64 HTTP Remote Buffer Overflow
    Sysax 5.64 HTTP Remote Buffer Overflow
    I have discovered a bug in the Sysax Multi-Server application .  More specifically, it's in the HTTP File Server service, which is not e...
  • Canon, Y U NO Security?
    Canon, Y U NO Security?
    I recently bought a new printer at home, so my wife could print coupons without manually attaching to my office printer each time (Thanks...
  • OverTheWire Natas Level 1
    OverTheWire Natas Level 1
    In continuing with the Natas wargame from OverTheWire , I tried my hand at level 1 .  It too was pretty easy.  It was just like the level 0 ...

Recent

Comments