OverTheWire Natas Level 15

3 minute read Nov 14, 2012 Comments
Up until now, none of the OverTheWire Natas challenges really gave me that much of an issue. This one however, took me a couple hours to complete. Level 15 is a fun blind sql-injection vulnerability. It starts out with a username check dialog, which pretty much only gives you a binary value as to if a username exists or not. I looked at the source code, and couldn’t see any way to inject some SQL to get it to retrieve the password for me.
Read more overthewire wargames natas php sqlinjection hacking

OverTheWire Natas Level 14

2 minute read Nov 13, 2012 Comments
The next level of the OverTheWire Natas wargame is Level 14, which introduces SQL Injection, a very popular subject as of late. The level starts out with a login dialog. The source code is fairly straight forward. It’s doing a basic authentication query. It however, does have a handy “debug” flag, that if set, will print the query used to the screen. <html> <head><link rel="stylesheet" type="text/css" href="http://www.overthewire.org/wargames/natas/level.css"></head> <body> <h1>natas14</h1> <div id="content"> <?
Read more overthewire wargames natas php sqlinjection hacking

OverTheWire Natas Level 13

3 minute read Nov 12, 2012 Comments
Level 13 of OverTheWire’s Natas wargame is extremely similar to Level 12. The only difference now, is that it’s validating that the file is in fact an image. This however is flawed, as exif data can be faked. It starts out with a similar upload prompt as last time. The source code is super similar to last time. <html> <head><link rel="stylesheet" type="text/css" href="http://www.overthewire.org/wargames/natas/level.css"></head> <body> <h1>natas13</h1> <div id="content"> For security reasons, we now only accept image files!
Read more overthewire wargames exif natas php hacking

OverTheWire Natas Level 12

3 minute read Nov 11, 2012 Comments
The next level to attack in the OverTheWire Natas wargame, is Level 12, which is more “real-world” as well, since developers often forget to limit file extensions. It starts out giving you the option to upload a <1KB file to the server. As with any other challenge, I viewed the source, to analyze it. <html> <head><link rel="stylesheet" type="text/css" href="http://www.overthewire.org/wargames/natas/level.css"></head> <body> <h1>natas12</h1> <div id="content"> <? function genRandomString() { $length = 10; $characters = "0123456789abcdefghijklmnopqrstuvwxyz"; $string = ""; for ($p = 0; $p < $length; $p++) { $string .
Read more overthewire wargames natas php hacking

OverTheWire Natas Level 11

3 minute read Nov 10, 2012 Comments
Level 11 of the OverTheWire Natas wargames is a good one. It wasn’t one that could instantly be solved either. It involved programming, encryption, and HTTP. All fun! It started with a dialog to set the background color. When you click the “Set Color” button, it sets a cookie in your browser. But as the dialog says, the cookie is protected. I looked at the source code, as I always do.
Read more overthewire wargames natas php xor hacking

OverTheWire Natas Level 8

1 minute read Nov 7, 2012 Comments
Level 8 of the OverTheWires Natas wargame was pretty simple, as a developer, but could prove more difficult if you don’t have similar background. It starts out with a secret password input. Like other levels, I looked at the source code to see what was going on in the background. Based on this code, you can see that it has a stored secret value, that is base64 encoded, then reversed, and then converted to a hex string.
Read more overthewire wargames encoding natas php hacking