OverTheWire Natas Level 15

3 minute read Nov 14, 2012 Comments
Up until now, none of the OverTheWire Natas challenges really gave me that much of an issue. This one however, took me a couple hours to complete. Level 15 is a fun blind sql-injection vulnerability. It starts out with a username check dialog, which pretty much only gives you a binary value as to if a username exists or not. I looked at the source code, and couldn’t see any way to inject some SQL to get it to retrieve the password for me.
Read more overthewire wargames natas php sqlinjection hacking

OverTheWire Natas Level 14

2 minute read Nov 13, 2012 Comments
The next level of the OverTheWire Natas wargame is Level 14, which introduces SQL Injection, a very popular subject as of late. The level starts out with a login dialog. The source code is fairly straight forward. It’s doing a basic authentication query. It however, does have a handy “debug” flag, that if set, will print the query used to the screen. <html> <head><link rel="stylesheet" type="text/css" href="http://www.overthewire.org/wargames/natas/level.css"></head> <body> <h1>natas14</h1> <div id="content"> <?
Read more overthewire wargames natas php sqlinjection hacking