DISCLAIMER: The information in this site is for educational purpose only. The authors of this blog are not responsible for any kind of misuse of this information.

Friday, December 13, 2013

OverTheWire Natas 23

Let's inspect the code: 
    if(array_key_exists("passwd",$_REQUEST)){
        if(strstr($_REQUEST["passwd"],"iloveyou") && ($_REQUEST["passwd"] > 10 )){
            echo "<br>The credentials for the next level are:<br>";
            echo "<pre>Username: natas24 Password: </pre>";
        }
        else{
            echo "<br>Wrong!<br>";
        }
    }

It reveals that if the GET parameter passwd will be sent, containing the substring 'iloveyou' and has a numeric value above 10, we will get the next level credentials !

So, our passwd parameter will contain 'iloveyou' as substring.
The condition 

$_REQUEST["passwd"] > 10
does an implicit casting of string to int by using the numeric part of it from the beginning of the string. For example "10str" will become 10.

In all of this in mind, we will set passwd to be 100iloveyou. 100 > 10 and iloveyou appers. Done :)

1 comment :

  1. AnonymousAugust 3, 2015 at 3:10 AM

    Thank you very much for not respecting our no spoiler policy. very sad to see this.
    Regards,
    morla, OTW

    ReplyDelete

Subscribe to: Post Comments ( Atom )