OverTheWire Natas Level 15

3 minute read Nov 14, 2012 Comments
Up until now, none of the OverTheWire Natas challenges really gave me that much of an issue. This one however, took me a couple hours to complete. Level 15 is a fun blind sql-injection vulnerability. It starts out with a username check dialog, which pretty much only gives you a binary value as to if a username exists or not. I looked at the source code, and couldn’t see any way to inject some SQL to get it to retrieve the password for me.

OverTheWire Natas Level 14

2 minute read Nov 13, 2012 Comments
The next level of the OverTheWire Natas wargame is Level 14, which introduces SQL Injection, a very popular subject as of late. The level starts out with a login dialog. The source code is fairly straight forward. It’s doing a basic authentication query. It however, does have a handy “debug” flag, that if set, will print the query used to the screen. <html> <head><link rel="stylesheet" type="text/css" href="http://www.overthewire.org/wargames/natas/level.css"></head> <body> <h1>natas14</h1> <div id="content"> <?