"hostess is a code-slaying dragon found deep within the core of the earth, unearthing magma and vulnerabilities single handedly while using the other hand to pet his cat"

OverTheWire Natas Level 10

| Comments

On to Level 10 of the OverTheWire Natas wargame! This level is extremely similar to level 9, except that now they are implementing a basic filtering, to prevent you from entering certain characters that could cause changes in the execution of the program. However, their filter is flawed.

It starts out just like the last level, with a search dialog.

Again, as always, I review the code since it’s available. You can see that it’s using a “preg_match” to try to filter out bad characters. This however is flawed still. Instead of a blacklist, it should be a whitelist of only certain values.

Because I can’t complete the command using a semicolon or ampersand, and start a new one, I instead go with the approach of having “grep” just return me the password file as well as the dictionary. I enter, ‘“$” /etc/natas_webpass/natas11’, and it is fairly successful. The “$” tells grep to search for any line that contains a “end of line”. Since pretty much every line will have that, it outputs the entire file. I then include the password file as well as the dictionary, so it reads me both back. This then provides the password to the next level.