DISCLAIMER: The information in this site is for educational purpose only. The authors of this blog are not responsible for any kind of misuse of this information.

Sunday, December 15, 2013

OverTheWire Natas 24

As always, we will begin with code analysis: 
<?php
    if(array_key_exists("passwd",$_REQUEST)){
        if(!strcmp($_REQUEST["passwd"],"<censored>")){
            echo "<br>The credentials for the next level are:<br>";
            echo "<pre>Username: natas25 Password: <censored></pre>";
        }
        else{
            echo "<br>Wrong!<br>";
        }
    }
    // morla / 10111
?>
strcmp is used. Therefore, passwd GET parameter is expected to be a string. We want strcmp to return 0. It will happen if passwd will be a string equals to which is unknown. The other case is that passwd won't be a string!

Let's pass it as array, e.g. passwd[]=hacked. The following warning will be printed:
Warning: strcmp() expects parameter 1 to be string, array given in /var/www/natas/natas24/index.php on line 23
Together with the next level key :)

1 comment :

  1. AnonymousAugust 3, 2015 at 2:58 AM

    Thank you very much for not respecting our no spoiler policy. very sad to see this.
    Regards,
    morla, OTW

    ReplyDelete

Subscribe to: Post Comments ( Atom )