Skip to main content

Posts

Showing posts with the label natas 10

Over the wire Natas Level 10

Over the wire Natas Level 10 Objective: Get password for Level 11 Solution: So here we see an input box and a search button, but this time with this text For security reasons, we now filter on certain characters If we put in anything it searches a dictionary.txt file for the input and displays the output, however if we look in the source code it looks like they are not going to let use a lot of special characters this time if($key != "") {     if(preg_match('/[;|&]/',$key)) {         print "Input contains an illegal character!";     } else {         passthru("grep -i $key dictionary.txt");     } } ?> </pre> Luckily for use we don’t’ need to use any of those special characters to get at the webpass directory using grep So grep man page( http://linuxcommand.org/lc3_man_pages/grep1.html ) NAME        grep, egrep, fgrep, rgrep - print lines matching a pattern SYNOPSIS        grep [OP