Over the wire Natas Level 9 Objective: Get password for Level 10 Solution: So here we see a input box and a search button If we put in anything it searches a dictionary.txt file for the input and displays the output Let’s check out the source code for anything interesting. <pre> <? $key = ""; if(array_key_exists("needle", $_REQUEST)) { $key = $_REQUEST["needle"]; } if($key != "") { passthru("grep -i $key dictionary.txt"); } ?> </pre> Ok so it literally just greps the file for the keyword entered, the only check it does is to see if the key is empty I bet we can pipe the input field to get it to return data Let try an ls to see if we can pass directly to the shell like we think dog & ls ../ Output: dictionary.txt ../: main natas0 natas1 natas10 natas11 natas12 natas13 natas14 natas15 natas16 natas17 natas18
@circusmonkey404 on the twitters; DM for contact