Tuesday, November 6, 2012

Home directorytraversal hacking natas overthewire wargames OverTheWire Natas Level 7

OverTheWire Natas Level 7

, , , ,
Finally, with level 7 of OverTheWire's Natas wargame, we start to get to more "real world" vulnerabilities.  It's still very easy, but it's at least getting better.

We start with a single page, that has 2 navigation links.
 I noted that the URLs had a "page=" parameter.  I thought maybe this would be the file it was including.  Viewing the source gave a nice reminder of where the password for the next level would be stored.
 I then tried a directory traversal exploit, pointing to the password file for the next level.  It successfully displayed the password.

Labels:
Author Image

Author: Unknown
Waythemes is a blogger resources site is a provider of high quality blogger template with premium looking layout and robust design

Follow The Author
Posted by at
Labels: , , , ,

No comments:

Post a Comment

Popular

  • Exploit Exercises - Protostar Stack 5
    Wow, this challenge was a tough one for me. I ran into some huge problems that I had to work out. Considering this is a "standard buf...
  • Buffer Overflow in HexChat 2.9.4
    Buffer Overflow in HexChat 2.9.4
    A buddy of mine, Mulitia , and I were talking about 0-days, and he mentioned finding one in Hex-Chat, a popular IRC client. It was super low...
  • Using .net to bypass AV
    Using .net to bypass AV
    I've read a ton of articles on bypassing Antivirus software when trying to run shellcode on machines. There's just a ton available....
  • Exploit Exercises - Nebula 01
    Continuing from my previous post, I started tinkering with the next Nebula wargame: Nebula 01 .  This one gives you some C code, which has ...
  • Exploit Exercises - Nebula 02
    In this challenge, we're again provided with the source code to the vulnerable program. Only this time, they're not loading the ...
  • PWB Conclusions and the Future
    PWB Conclusions and the Future
    The results As I posted previously , I was taking the PWB course from Offensive Security . I am happy to report that I passed with ...
  • Sysax Multi Server 6.10 SSH DoS
    Sysax Multi Server 6.10 SSH DoS
    I was recently fuzzing a bunch of SSH servers, hoping to find some remote code execution in a non-mainstream server. I ended up finding no c...
  • Sysax 5.64 HTTP Remote Buffer Overflow
    Sysax 5.64 HTTP Remote Buffer Overflow
    I have discovered a bug in the Sysax Multi-Server application .  More specifically, it's in the HTTP File Server service, which is not e...
  • Canon, Y U NO Security?
    Canon, Y U NO Security?
    I recently bought a new printer at home, so my wife could print coupons without manually attaching to my office printer each time (Thanks...
  • OverTheWire Natas Level 1
    OverTheWire Natas Level 1
    In continuing with the Natas wargame from OverTheWire , I tried my hand at level 1 .  It too was pretty easy.  It was just like the level 0 ...

Recent

Comments