DISCLAIMER: The information in this site is for educational purpose only. The authors of this blog are not responsible for any kind of misuse of this information.

Friday, December 13, 2013

OverTheWire Natas 21

Code analysis shows that we need the 'admin' field to be set to 1 in order to get the next level credentials.
There is also another page in this level - http://natas21-experimenter.natas.labs.overthewire.org/ The code of this page contains the following block: 
if(array_key_exists("submit", $_REQUEST)) { 
    foreach($_REQUEST as $key => $val) { 
    $_SESSION[$key] = $val; 
    } 
}
If 'submit' was sent as a GET parameter, each (key,val) tuple in the GET request will become a key in the session with 'val' as value.
We will use it to set the session key-value ('admin',1).

The session is shared across the pages, therefore when we will back to http://natas21.natas.labs.overthewire.org/ , we will be identified as admin ! Solved :)

No comments :

Post a Comment

Subscribe to: Post Comments ( Atom )