Skip to main content

Natas Level 9

Shubham
Cybersecurity Enthusiast

Natas 9

Solution

first thing you are likely to click here is View sourcecode

there you will see something like this

<?
$key = "";

if(array_key_exists("needle", $_REQUEST)) {
$key = $_REQUEST["needle"];
}

if($key != "") {
passthru("grep -i $key dictionary.txt");
}
?>

here passthru() function is used ... read more about it on https://www.php.net/manual/en/function.passthru.php#127699

since passthru is there we can use command injection ...
basically it is an attack which executes the arbitrary commands on the host operating system via a vulnerable application ... read OWASP Command Injection for more information.

in Find words containing search box
write ;ls -a you will see the files now on the official website it is given that password can be found on etc/natas_webpass/natas*

so we will execute the command ; cat /etc/natas_webpass/natas10; and will get the password for natas 10
<!-- truncate -->