Tuesday, November 6, 2012

Home directorytraversal hacking natas overthewire wargames OverTheWire Natas Level 7

OverTheWire Natas Level 7

, , , ,
Finally, with level 7 of OverTheWire's Natas wargame, we start to get to more "real world" vulnerabilities.  It's still very easy, but it's at least getting better.

We start with a single page, that has 2 navigation links.
 I noted that the URLs had a "page=" parameter.  I thought maybe this would be the file it was including.  Viewing the source gave a nice reminder of where the password for the next level would be stored.
 I then tried a directory traversal exploit, pointing to the password file for the next level.  It successfully displayed the password.

Labels:
Author Image

Author: Unknown
Waythemes is a blogger resources site is a provider of high quality blogger template with premium looking layout and robust design

Follow The Author
Posted by at
Labels: , , , ,

No comments:

Post a Comment

Popular

  • Using .net to bypass AV
    Using .net to bypass AV
    I've read a ton of articles on bypassing Antivirus software when trying to run shellcode on machines. There's just a ton available....
  • Buffer Overflow in HexChat 2.9.4
    Buffer Overflow in HexChat 2.9.4
    A buddy of mine, Mulitia , and I were talking about 0-days, and he mentioned finding one in Hex-Chat, a popular IRC client. It was super low...
  • Sysax 5.64 HTTP Remote Buffer Overflow
    Sysax 5.64 HTTP Remote Buffer Overflow
    I have discovered a bug in the Sysax Multi-Server application .  More specifically, it's in the HTTP File Server service, which is not e...
  • Exploit Exercises - Nebula 01
    Continuing from my previous post, I started tinkering with the next Nebula wargame: Nebula 01 .  This one gives you some C code, which has ...
  • PWB Conclusions and the Future
    PWB Conclusions and the Future
    The results As I posted previously , I was taking the PWB course from Offensive Security . I am happy to report that I passed with ...
  • Exploit Exercises - Nebula 02
    In this challenge, we're again provided with the source code to the vulnerable program. Only this time, they're not loading the &q...
  • Sysax Multi Server 6.10 SSH DoS
    Sysax Multi Server 6.10 SSH DoS
    I was recently fuzzing a bunch of SSH servers, hoping to find some remote code execution in a non-mainstream server. I ended up finding no c...
  • OverTheWire Natas Level 5
    OverTheWire Natas Level 5
    Now that we're about 1/3 through to the end of the OverTheWire Natas wargame, I'm hoping that they start to get a little more trick...
  • Origin of the name "Pentium"
    I was reading about x86 assembly, and stumbled upon the origin of the name "Pentium". I never knew it was due to course disallowi...
  • Multiple Hover.com Security Issues
    Multiple Hover.com Security Issues
    I'm a customer of Hover  for my domain name needs. However, that will be changing because I don't believe that they take issues seri...

Recent

Comments