Skip to main content

OverTheWire Natas 9

By RoCk StAr DeViL

OverTheWire Natas 9

In mean time waiting for an important result, let me go with  Natas 9 and Natas 10.
The reason I group 2 levels in one post is that Natas 10 is upgraded version of Natas 9 ( there is a more upgraded version that is Natas 16 but i won’t spoil the fun now  ).
Less talk, grab password from previous level and login. We greeted with a words search form. There is the source code :
<html>
<head><link rel="stylesheet" type="text/css" href="http://www.overthewire.org/wargames/natas/level.css"></head>
<body>
<h1>natas9</h1>
<div id="content">
<form>
Find words containing: <input name=needle><input type=submit name=submit value=Search><br><br>
</form>

Output:
<pre>
<?
$key="";

if(array_key_exists("needle",$_REQUEST)){
    $key=$_REQUEST["needle"];
}

if($key!=""){
    passthru("grep -i $key dictionary.txt");
}
?>
</pre>

<div id="viewsource"><a href="index-source.html">View sourcecode</a></div>
</div>
</body>
</html>
This code takes word that is inserted in search form an search for it in dictionary.txt by using popular Linux tool grep. Don’t know what grep is ?. Read its manual here : http://linux.die.net/man/1/grepFunction passthru of PHP can be considered as a Linux shell that allow us to executes Linux command. -i switch is simply –ignore-case  in search pattern.
OK, let play a bit. Search for hacker, it will output :
hacker
hacker's
hackers
The full command will be :
grep -i hacker dictionary.txt
This code simple concat $key to predefined command, so we have full control in what ever we can insert. Some more information about some special symbols used in shell comand and script : (Full at here http://tldp.org/LDP/abs/html/special-chars.html)
command separator, allow 2 command in one line
# comment, the following command after this symbols will be commented.
. match any type character (regular expression)
* match one or more characters before (regular expression)
So, by using ; we can insert one (or more) arbitray command and by using #, we can comment dictionary.txt  out. We already knew that password for Natas 10 is stored at /etc/natas_webpass/natas10 . Finally, we come up with search word : ; cat /etc/natas_webpass/natas10 # . In this case our command will become:
grep -i ; cat /etc/natas_webpass/natas10 # dictionary.txt
which equivalent to output the content of /etc/natas_webpass/natas10 (cat /etc/natas_webpass/natas10) .  And the result :
s09byvi8880wqhbnonMFMW8byCojm8eA

Comments

Post a Comment

plz add ur comment here

Popular posts from this blog

Upcoming Book- Kali Linux Revealed: Mastering the Penetration Testing Distribution

By RoCk StAr DeViL
More exciting news! In the past year, Kali Linux Official Team has been working internally on an Official Kali Linux book – Kali Linux Revealed: Mastering the Penetration Testing Distribution . This is the first official Kali book from Offsec Press , and is scheduled for release on June 5th, 2017 . Kali Linux Revealed will be available in both hard copy and online formats. Keeping the Kali Linux spirit, the online version of the book will be free of charge, allowing anyone who wishes to hone their skills and improve their knowledge of Kali to do so at no cost. This book, together with our official Kali documentation site will encompass the body of knowledge for the Kali Linux Certified Professional   (KLCP) .
1 comment
Read more

Kali Linux: A complete InfoSec Distro

By RoCk StAr DeViL
BackTrack has always been a popular choice when it comes to security and penetration testing. This open source distro has gained a lot of popularity and was rolled till version 5 with frequent changes to the variants. This project from Offensive Security has been moved from Ubuntu to Debian and the operating system is now renamed as Kali Linux. If you have installed a fresh copy of Kali Linux, then you might have noticed some awesome security and penetration tools under Kali Linux drop down menu list. These tools are powerful and yet efficient to use. If you go through the menu list of security tools, you might have noticed that few like Wireless Attacks, Forensics and Reverse Engineering is added, which is quite impressive. One more section has been added in the list, ie Hardware Hacking. One more thing that you would be happy to see is Arduino kit on the list. Arduino is a single-board microcontroller designed to make the process of using electronics in multi-disciplinary projects mo...
Post a Comment
Read more

EOF of Kali Linux 1.0

By RoCk StAr DeViL
Kali Sana (ver. 2.0) has been out there couple of months ago and the response was great. Kali Moto (ver. 1.0) has been given 2 months of grace period to date the version to 2.0. To upgrade, edit the souces.list file and put the following entries. cat >> EOF < /etc/apt/sources.list deb http://http.kali.org/kali sana main non-free contrib deb http://security.kali.org/kali-security/ sana/updates main contrib non-free EOF Then, run the following command to do upgrade Kali Moto to Kali Sana. apt-get update apt-get dist-upgrade # get a coffee, or 10. reboot
Post a Comment
Read more