Thursday, November 8, 2012

Home commandinjection hacking natas overthewire wargames OverTheWire Natas Level 9

OverTheWire Natas Level 9

, , , ,
The next level of OverTheWire's Nata challenge is Level 9.  This is a command injection vulnerability.

Initially, you are given a search box.
 Just like in previous levels, I looked at the available source code.  You can see the vulnerability is that the user input is not sanitized.  Due to this, you can inject code into the "grep" command it is running to do the search.
 I simply put in the search box, "; cat /etc/natas_webpass/natas10", since that is where the password file is located.  The command it ends up running is "grep -i ; cat /etc/natas_webpass/natas10 dictionary.txt".  The semi-colon terminates the "grep" command, and allows the "cat" to then run next.  I end up passing in the password file, as well as the dictionary.  In some cases, you may need to end the line with a comment, to keep it from executing, by putting in a "#".  Regardless, after running, you get the password to the next level.

Labels:
Author Image

Author: Unknown
Waythemes is a blogger resources site is a provider of high quality blogger template with premium looking layout and robust design

Follow The Author
Posted by at
Labels: , , , ,

No comments:

Post a Comment

Popular

  • Exploit Exercises - Protostar Stack 5
    Wow, this challenge was a tough one for me. I ran into some huge problems that I had to work out. Considering this is a "standard buf...
  • Using .net to bypass AV
    Using .net to bypass AV
    I've read a ton of articles on bypassing Antivirus software when trying to run shellcode on machines. There's just a ton available....
  • Buffer Overflow in HexChat 2.9.4
    Buffer Overflow in HexChat 2.9.4
    A buddy of mine, Mulitia , and I were talking about 0-days, and he mentioned finding one in Hex-Chat, a popular IRC client. It was super low...
  • Exploit Exercises - Nebula 01
    Continuing from my previous post, I started tinkering with the next Nebula wargame: Nebula 01 .  This one gives you some C code, which has ...
  • Exploit Exercises - Nebula 02
    In this challenge, we're again provided with the source code to the vulnerable program. Only this time, they're not loading the ...
  • PWB Conclusions and the Future
    PWB Conclusions and the Future
    The results As I posted previously , I was taking the PWB course from Offensive Security . I am happy to report that I passed with ...
  • Sysax Multi Server 6.10 SSH DoS
    Sysax Multi Server 6.10 SSH DoS
    I was recently fuzzing a bunch of SSH servers, hoping to find some remote code execution in a non-mainstream server. I ended up finding no c...
  • Sysax 5.64 HTTP Remote Buffer Overflow
    Sysax 5.64 HTTP Remote Buffer Overflow
    I have discovered a bug in the Sysax Multi-Server application .  More specifically, it's in the HTTP File Server service, which is not e...
  • Canon, Y U NO Security?
    Canon, Y U NO Security?
    I recently bought a new printer at home, so my wife could print coupons without manually attaching to my office printer each time (Thanks...
  • OverTheWire Natas Level 1
    OverTheWire Natas Level 1
    In continuing with the Natas wargame from OverTheWire , I tried my hand at level 1 .  It too was pretty easy.  It was just like the level 0 ...

Recent

Comments