OverTheWire Natas 20-24

Level 20
User: natas20
Pass: eofm3Wsshxc5bwtVnEuGIlr7ivb9KABF

Back to having source code, let’s take a look and find the important stuff.

    if($_SESSION and array_key_exists("admin", $_SESSION) and $_SESSION["admin"] == 1) {
        print "You are an admin. The credentials for the next level are:<br>";
        print "<pre>Username: natas21\n";
        print "Password: <censored></pre>";
    }

So first we can see that there... Continue Reading →

OverTheWire Natas 10-19

Levels 0-9 can be found at https://cramhack.com/2019/02/11/overthewire-natas-0-10/

Level 10
User: natas10
Pass: nOpp1igQAkUzaI1GUUjzn1bFVj7xCNzu

Here we see that our input will be sent as a parameter in the command ‘grep -i $key dictionary.txt’. Using the form to input ‘. /etc/natas_webpass/natas11’, the command becomes ‘grep -i . /etc/natas_webpass/natas11 dictionary.txt’. What this is doing is searching for lines containing... Continue Reading →

OverTheWire Natas 0-9

Lately I've been working on the Natas challenges again. It's been a while since I have, but I was surprised at how much easier the challenges were for me now compared to the last time. Here are levels 0 through 9. While these challenges are very basic, the later Natas challenges have actually gotten quite intuitive.... Continue Reading →

What’s an SQL Injection?

SQL Injection

- What is an SQL injection?
- URL encoding
- Types of SQL injections
- How basic SQL injections work

What is an SQL injection?

This code injection technique is used to attack data-driven applications. Attackers can insert SQL statements into an entry field on a vulnerable website for execution. A common reason for using this... Continue Reading →
