Natas10

Website URL: http://overthewire.org/wargames/natas/natas10.html

According to the data on the OverTheWire webpage:

Username: natas10
URL:      http://natas10.natas.labs.overthewire.org

Let’s log into the URL for Natas9.

Fig. 1

Let’s see the source code.

Fig. 2

Looking at the source code, observe that whatever we send in the text box gets passed, unchanged, as a parameter to the grep command. This creates a serious risk of command injection.

Let’s take an example. If we send “hello” to the server, the command that gets executed is “grep -i hello”.

So what if we send a text such as “hello | cat /etc/natas_webpass/natas10”? The command that gets executed is then “grep -i hello | cat /etc/natas_webpass/natas10”, because the shell treats the | in our input as a pipe rather than as part of the search term. It should get us the required password. Let’s try it.

Fig. 3

See how risky the lack of input sanitization is!
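
The same flaw and its fix, as an added example (a Python analogue written for this note, not the level's PHP source). It assumes a constructed word list fed to grep on stdin and a stand-in secret.txt in a temporary directory; the function names are hypothetical.

```python
import os
import subprocess
import tempfile

# Constructed sample data: a tiny word list and a stand-in "secret" file.
WORDS = "hello\nHelloWorld\ngoodbye\n"
SECRET = "CONSTRUCTED-SECRET-VALUE\n"


def make_sandbox():
    """Create a temp directory holding secret.txt and return its path."""
    box = tempfile.mkdtemp(prefix="natas_demo_")
    with open(os.path.join(box, "secret.txt"), "w") as fh:
        fh.write(SECRET)
    return box


def search_unsafe(key, cwd):
    """Vulnerable: the key is pasted into a string that /bin/sh parses,
    so |, ;, & and $() inside the key become shell syntax."""
    cmd = "grep -i " + key
    done = subprocess.run(cmd, shell=True, cwd=cwd, input=WORDS,
                          capture_output=True, text=True)
    return done.stdout


def search_safe(key, cwd):
    """Hardened: no shell is involved. The key is a single argv element;
    -F matches it literally and -e keeps it from being read as an option."""
    done = subprocess.run(["grep", "-i", "-F", "-e", key], cwd=cwd,
                          input=WORDS, capture_output=True, text=True)
    return done.stdout


def demo():
    box = make_sandbox()
    injected = "hello | cat secret.txt"  # same shape as the input above
    return {
        "unsafe_normal": search_unsafe("hello", box),
        "unsafe_injected": search_unsafe(injected, box),
        "safe_normal": search_safe("hello", box),
        "safe_injected": search_safe(injected, box),
    }


if __name__ == "__main__":
    for name, out in demo().items():
        print(f"{name}: {out!r}")
```

With the hardened call, the injected string is just a search term that matches nothing, so grep prints no lines and the secret file is never read.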

Password for next level: nOpp1igQAkUzaI1GUUjzn1bFVj7xCNzu