OverTheWire Natas Level 8

1 minute read Nov 7, 2012 Comments
Level 8 of the OverTheWires Natas wargame was pretty simple, as a developer, but could prove more difficult if you don’t have similar background. It starts out with a secret password input. Like other levels, I looked at the source code to see what was going on in the background. Based on this code, you can see that it has a stored secret value, that is base64 encoded, then reversed, and then converted to a hex string.

OverTheWire Natas Level 7

1 minute read Nov 6, 2012 Comments
Finally, with level 7 of OverTheWire’s Natas wargame, we start to get to more “real world” vulnerabilities. It’s still very easy, but it’s at least getting better. We start with a single page, that has 2 navigation links. I noted that the URLs had a “page=” parameter. I thought maybe this would be the file it was including. Viewing the source gave a nice reminder of where the password for the next level would be stored.

OverTheWire Natas Level 6

1 minute read Nov 5, 2012 Comments
The 6th level of the OverTheWire Natas wargame starts introducing us to PHP and server configuration issues. It starts out with a secret password prompt. I took a look at the sourcecode, via the link provided. I decided I would try and see if I could request the “secret.inc” file, and it worked perfectly. After I put in the secret value into the input box, it showed me the password for the next level.

OverTheWire Natas Level 5

1 minute read Nov 4, 2012 Comments
Now that we’re about 1⁄3 through to the end of the OverTheWire Natas wargame, I’m hoping that they start to get a little more tricky. Level 5 unfortunately is still pretty easy. It starts by simply telling you that you’re not logged in. Logins often hand out cookies, so I viewed my cookies for the site. I then used the wonderful Chrome extension, Edit This Cookie, to modify the cookie that I saw it assign, from a “0” to a “1”, signifying that I was logged on.

OverTheWire Natas Level 4

1 minute read Nov 3, 2012 Comments
Level 4 of OverTheWire’s Natas wargame starts a little different than the previous levels. It immediately presents you with an error message. I figured this was going to be due to the HTTP Referer. I guessed that one could solve this by using a proxy or a browser addon, such as Referer Control, but I simply didn’t want to install anything new. I opened a bash window, and simulated my original HTTP GET.

OverTheWire Natas Level 3

1 minute read Nov 2, 2012 Comments
Continuing on with Level 3 of OverTheWire’s Natas wargame, I found the first page, like previous levels, saying that there was nothing on the page. I viewed the source and saw the strange comment about “Not even Google will find it”. After thinking about that for a minute, it clicked that maybe it was because of a “robots.txt” file, which would prevent search engines from finding any files. I then browsed to the “robots.

OverTheWire Natas Level 2

1 minute read Nov 1, 2012 Comments
Level 2 of OverTheWire’s Natas wargame is a little more fun than the previous two. It’s also pretty simple, though. You start out on a page that tells you that there is nothing on it. Like previous levels, I then viewed the source to see what was in the code. It appears that there’s a 1x1 pixel image present on the page. It’s located in a “files” directory of the webserver.

OverTheWire Natas Level 1

1 minute read Oct 31, 2012 Comments
In continuing with the Natas wargame from OverTheWire, I tried my hand at level 1. It too was pretty easy. It was just like the level 0, except that right-clicking was disabled via javascript. You start out by being told that the password can be found on the page that you’re on, just like the last one. If you do try to right-click to view the source, you get a shiny error message stating that it has been blocked.

OverTheWire Natas Level 0

1 minute read Oct 30, 2012 Comments
I recently read that OverTheWire had released a new wargame, so I decided to play for fun. The first level is extremely easy. You are presented with a page that tells you that you are able to find the password on this page. If you then view the source, you can see the password to the next level is in plain text, in an HTML comment.

Sysax 5.64 HTTP Remote Buffer Overflow

2 minute read Jul 28, 2012 Comments
I have discovered a bug in the Sysax Multi-Server application. More specifically, it’s in the HTTP File Server service, which is not enabled by default. It has to be turned on by the admin for this exploit to properly function. The user in question also needs permission to create a directory. In the Sysax service, the configuration would look like this: To trigger this vulnerability is pretty simple. Log into the HTTP File Server:
Page 3 of 8 1 2 3 4 5 6 7 8