OverTheWire Natas Level 12

3 minute read Nov 11, 2012 Comments
The next level to attack in the OverTheWire Natas wargame, is Level 12, which is more “real-world” as well, since developers often forget to limit file extensions. It starts out giving you the option to upload a <1KB file to the server. As with any other challenge, I viewed the source, to analyze it. <html> <head><link rel="stylesheet" type="text/css" href="http://www.overthewire.org/wargames/natas/level.css"></head> <body> <h1>natas12</h1> <div id="content"> <? function genRandomString() { $length = 10; $characters = "0123456789abcdefghijklmnopqrstuvwxyz"; $string = ""; for ($p = 0; $p < $length; $p++) { $string .
Read more overthewire wargames natas php hacking

OverTheWire Natas Level 11

3 minute read Nov 10, 2012 Comments
Level 11 of the OverTheWire Natas wargames is a good one. It wasn’t one that could instantly be solved either. It involved programming, encryption, and HTTP. All fun! It started with a dialog to set the background color. When you click the “Set Color” button, it sets a cookie in your browser. But as the dialog says, the cookie is protected. I looked at the source code, as I always do.
Read more overthewire wargames natas php xor hacking

OverTheWire Natas Level 10

1 minute read Nov 9, 2012 Comments
On to Level 10 of the OverTheWire Natas wargame! This level is extremely similar to level 9, except that now they are implementing a basic filtering, to prevent you from entering certain characters that could cause changes in the execution of the program. However, their filter is flawed. It starts out just like the last level, with a search dialog. Again, as always, I review the code since it’s available. You can see that it’s using a “preg_match” to try to filter out bad characters.
Read more overthewire wargames commandinjection natas hacking

OverTheWire Natas Level 9

1 minute read Nov 8, 2012 Comments
The next level of OverTheWire’s Nata challenge is Level 9. This is a command injection vulnerability. Initially, you are given a search box. Just like in previous levels, I looked at the available source code. You can see the vulnerability is that the user input is not sanitized. Due to this, you can inject code into the “grep” command it is running to do the search. I simply put in the search box, “; cat /etc/natas_webpass/natas10”, since that is where the password file is located.
Read more overthewire wargames commandinjection natas hacking

OverTheWire Natas Level 8

1 minute read Nov 7, 2012 Comments
Level 8 of the OverTheWires Natas wargame was pretty simple, as a developer, but could prove more difficult if you don’t have similar background. It starts out with a secret password input. Like other levels, I looked at the source code to see what was going on in the background. Based on this code, you can see that it has a stored secret value, that is base64 encoded, then reversed, and then converted to a hex string.
Read more overthewire wargames encoding natas php hacking

OverTheWire Natas Level 7

1 minute read Nov 6, 2012 Comments
Finally, with level 7 of OverTheWire’s Natas wargame, we start to get to more “real world” vulnerabilities. It’s still very easy, but it’s at least getting better. We start with a single page, that has 2 navigation links. I noted that the URLs had a “page=” parameter. I thought maybe this would be the file it was including. Viewing the source gave a nice reminder of where the password for the next level would be stored.
Read more directorytraversal overthewire wargames natas hacking

OverTheWire Natas Level 6

1 minute read Nov 5, 2012 Comments
The 6th level of the OverTheWire Natas wargame starts introducing us to PHP and server configuration issues. It starts out with a secret password prompt. I took a look at the sourcecode, via the link provided. I decided I would try and see if I could request the “secret.inc” file, and it worked perfectly. After I put in the secret value into the input box, it showed me the password for the next level.
Read more overthewire wargames natas includes hacking

OverTheWire Natas Level 5

1 minute read Nov 4, 2012 Comments
Now that we’re about 1/3 through to the end of the OverTheWire Natas wargame, I’m hoping that they start to get a little more tricky. Level 5 unfortunately is still pretty easy. It starts by simply telling you that you’re not logged in. Logins often hand out cookies, so I viewed my cookies for the site. I then used the wonderful Chrome extension, Edit This Cookie, to modify the cookie that I saw it assign, from a “0” to a “1”, signifying that I was logged on.
Read more cookies overthewire wargames natas html hacking

OverTheWire Natas Level 4

1 minute read Nov 3, 2012 Comments
Level 4 of OverTheWire’s Natas wargame starts a little different than the previous levels. It immediately presents you with an error message. I figured this was going to be due to the HTTP Referer. I guessed that one could solve this by using a proxy or a browser addon, such as Referer Control, but I simply didn’t want to install anything new. I opened a bash window, and simulated my original HTTP GET.
Read more overthewire wargames natas hacking

OverTheWire Natas Level 3

1 minute read Nov 2, 2012 Comments
Continuing on with Level 3 of OverTheWire’s Natas wargame, I found the first page, like previous levels, saying that there was nothing on the page. I viewed the source and saw the strange comment about “Not even Google will find it”. After thinking about that for a minute, it clicked that maybe it was because of a “robots.txt” file, which would prevent search engines from finding any files. I then browsed to the “robots.
Read more overthewire wargames natas html hacking
Page 3 of 8 1 2 3 4 5 6 7 8