Natas10
Website URL: http://overthewire.org/wargames/natas/natas10.html
According to the data on the OverTheWire webpage:
Username: natas10
URL: http://natas10.natas.labs.overthewire.org
Let’s log in at the URL for Natas9.

Let’s see the source code.

Looking at the source code, observe that whatever we send in the text box is passed as a parameter to the grep command without any filtering. This leaves a huge risk of command execution, because the shell interprets any metacharacters in our input.
Let’s take an example. If we send "hello" to the server, the command that gets executed is "grep -i hello".
So, what if we send a text such as "hello | cat /etc/natas_webpass/natas10"? The command that gets executed is then "grep -i hello | cat /etc/natas_webpass/natas10", which should get us the required password. Let’s try it.

See how risky the lack of input sanitization is!
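
The same flaw and a fix, modelled in Python as an added example (this is not the level's source code): one function builds a shell string from the input, the other passes the input to grep as a single argument with no shell involved. The function names, file names and secret value are constructed for the demonstration.

```python
import os
import subprocess
import tempfile

def search_vulnerable(key: str, dictionary: str) -> str:
    """Mirrors the flaw: user input is pasted into a string that /bin/sh parses."""
    cmd = f"grep -i {key} {dictionary}"
    return subprocess.run(cmd, shell=True, stdin=subprocess.DEVNULL,
                          capture_output=True, text=True).stdout

def search_hardened(key: str, dictionary: str) -> str:
    """No shell: the input is exactly one argv element, so '|' is just a character.
    '--' stops input such as '-f' being read as a grep option.
    '-F' treats the input as a literal string (drop it if regex search is intended)."""
    argv = ["grep", "-i", "-F", "--", key, dictionary]
    return subprocess.run(argv, stdin=subprocess.DEVNULL,
                          capture_output=True, text=True).stdout

def demo() -> dict:
    """Run both versions against constructed files and return their outputs."""
    with tempfile.TemporaryDirectory() as tmp:
        dictionary = os.path.join(tmp, "dictionary.txt")
        secret = os.path.join(tmp, "secret.txt")  # stands in for the password file
        with open(dictionary, "w") as f:
            f.write("hello\nworld\n")
        with open(secret, "w") as f:
            f.write("CONSTRUCTED-SECRET\n")
        payload = f"hello | cat {secret}"  # same shape as the input in the write-up
        return {
            "benign_vulnerable": search_vulnerable("hello", dictionary),
            "benign_hardened": search_hardened("hello", dictionary),
            "payload_vulnerable": search_vulnerable(payload, dictionary),
            "payload_hardened": search_hardened(payload, dictionary),
        }

if __name__ == "__main__":
    for name, out in demo().items():
        print(f"{name}: {out!r}")
```

With the shell removed, the piped input is searched for as a literal string and matches nothing, while a normal search term behaves the same in both versions.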
Password for next level: nOpp1igQAkUzaI1GUUjzn1bFVj7xCNzu