Natas 6:
Solution: First I navigated to the source code of the challenge. There I saw the line 'include "includes/secret.inc";' in the PHP code, so I tried to access the following link: "http://natas6.natas.labs.overthewire.org/includes/secret.inc". I found the secret text and typed it into the secret text box, and I got the credentials for the next level in a simple way :-)

Result: natas7 is 7z3hEENjQtflzgnT29q7wAvMNfZdh0i9

Natas 7:
Solution: I saw this hint in the page source:

<!-- hint: password for webuser natas8 is in /etc/natas_webpass/natas8 -->

So I navigated through all the pages of the site and found that there is a local file vulnerability. I typed the following URL and got the Natas 8 credentials: "http://natas7.natas.labs.overthewire.org/index.php?page=/etc/natas_webpass/natas8"

Result: natas8 password: DBfUBfqQG69KvJvJ1iAbMoIpwSNQ9bWe

Vulnerability: Local File Inclusion Vulnerability

Local File Inclusion (also known as LFI) is the process of including files on a server through the web browser. This vulnerability occurs when a page include is not properly sanitized and allows directory traversal characters to be injected.

To prevent these kinds of attacks, check the following link: http://hakipedia.com/index.php/Local_File_Inclusion
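As an added example (not code from the Natas challenge or from the original post), here is one way to handle a "page" parameter so that it cannot name arbitrary files. The pages directory, the page names and the resolve_page() helper are assumptions made for illustration.

```php
<?php
// Added example: hardened handling of a "page" parameter.
// PAGES_DIR, ALLOWED_PAGES and resolve_page() are hypothetical names,
// not taken from the Natas source.
const PAGES_DIR = __DIR__ . '/pages';

// Vulnerable pattern, for contrast: the parameter reaches include() unchanged,
// so a value such as /etc/natas_webpass/natas8 is read from outside the site.
//   include $_GET['page'];

// User input selects a key from this map; it is never used as a path.
const ALLOWED_PAGES = [
    'home'  => 'home.php',
    'about' => 'about.php',
];

function resolve_page(string $requested): ?string
{
    // 1. Allowlist lookup: unknown names are rejected outright.
    if (!array_key_exists($requested, ALLOWED_PAGES)) {
        return null;
    }
    // 2. Defence in depth: canonicalise both paths (resolving symlinks and
    //    ".." segments) and confirm the target still lives under PAGES_DIR.
    $base = realpath(PAGES_DIR);
    $path = realpath(PAGES_DIR . '/' . ALLOWED_PAGES[$requested]);
    if ($base === false || $path === false) {
        return null; // directory or file does not exist
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null; // resolved outside the pages directory
    }
    return $path;
}

// page[]=x arrives as an array, so check the type before resolving.
$raw  = $_GET['page'] ?? 'home';
$page = is_string($raw) ? resolve_page($raw) : null;

if ($page === null) {
    http_response_code(404);
    exit('Page not found');
}
include $page;
```

The Natas 6 issue is a separate one: an include file such as secret.inc that sits under the web root with a non-PHP extension is served as plain text, so such files belong outside the web root or behind a rule that denies direct requests.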
June 2017
Vivek N