DISCLAIMER: The information in this site is for educational purpose only. The authors of this blog are not responsible for any kind of misuse of this information.

Friday, December 13, 2013

OverTheWire Natas 20

So from code analysis we can conclude that in order to get the next level credentials we have to be identified as admin.
How we gonna do it ? Further analysis shows that we need a way to write to the session file the following line:
admin 1

Easy! The name parameter is written to the session file. We can append it the required line by sending the following name as parameter:
hacker%0Aadmin%201
Unescaped:
hacker
admin 1
Then the session file will look like this:
name hacker
admin 1
And when it will be read, we will have admin field set to 1 in our session --> got admin !
The next level credentials will be printed. GAME OVER :)

No comments :

Post a Comment

Subscribe to: Post Comments ( Atom )