Natas Level 9
Natas 9
Solution
first thing you are likely to click here is View sourcecode
there you will see something like this
<?
$key = "";
if(array_key_exists("needle", $_REQUEST)) {
$key = $_REQUEST["needle"];
}
if($key != "") {
passthru("grep -i $key dictionary.txt");
}
?>
here passthru() function is used ... read more about it on https://www.php.net/manual/en/function.passthru.php#127699
since passthru is there we can use command injection ...
basically it is an attack which executes the arbitrary commands on the host operating system via a vulnerable application ... read OWASP Command Injection for more information.
in Find words containing search box
write ;ls -a you will see the files
now on the official website it is given that password can be found on etc/natas_webpass/natas*
so we will execute the command ; cat /etc/natas_webpass/natas10;
and will get the password for natas 10
<!-- truncate -->
