Overthewire Natas Level 9 To 10
Level 10
Username: natas10
Password: redacted
URL: http://natas10.natas.labs.overthewire.org
As normal, let’s look at various sources
I don’t believe you, let’s see what happens.
Okay, fair. In the source code:
```php
<?
$key = "";

if(array_key_exists("needle", $_REQUEST)) {
    $key = $_REQUEST["needle"];
}

if($key != "") {
    // The filter rejects only the characters ; | and &
    if(preg_match('/[;|&]/',$key)) {
        print "Input contains an illegal character!";
    } else {
        // $key is placed unquoted into the shell command line
        passthru("grep -i $key dictionary.txt");
    }
}
?>
```
So this is definitely something where you traverse, but can’t use any fun characters. Okay, let’s yolo and use ‘a ls’
That is actually interesting. I wonder if we look at the same path as the previous challenge (and increment by 1) and cat the file..
Nope. Let’s try a few more, what could hurt?
Nope
What? Why did that work?
This is why:
```
-i, --ignore-case
       Ignore case distinctions, so that characters that differ
       only in case match each other.
```
So grep with -i will look for any match (ignoring case) in the password. The password doesn’t contain an A… or a B… But it does contain a C. That’s weird.
VICTORY.
redacted
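Why blocking `;`, `|` and `&` was not enough, as an added example that is not part of the original post: the value still reaches the shell unquoted, so a space splits it into a pattern plus an extra file argument for grep. The file names, their contents and the function names below are constructed for the demonstration; the hardened form quotes the value and passes it after `-e` (in PHP, `escapeshellarg()` provides the quoting).

```shell
#!/usr/bin/env bash
# Constructed stand-ins: dictionary.txt as in the challenge source, and
# secret.txt for any other file the web server user can read.
workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT
printf 'apple\nCherry\nbanana\n' > "$workdir/dictionary.txt"
printf 'S3cretValueWithC\n' > "$workdir/secret.txt"

# Equivalent of the page's preg_match('/[;|&]/', $key) check:
# succeeds (returns 0) when the input contains none of ; | &
filter_allows() {
    case $1 in
        *";"*|*"|"*|*"&"*) return 1 ;;
        *) return 0 ;;
    esac
}

# Same shape as passthru("grep -i $key dictionary.txt"): the value is pasted
# into a command string that a shell re-parses, so whitespace in the value
# creates additional grep arguments.
search_vulnerable() {
    key=$1
    (cd "$workdir" && sh -c "grep -i $key dictionary.txt")
}

# Hardened form: the value stays a single argument ("$1"), -e marks it as the
# pattern even if it starts with '-', -F treats it as a literal string, and
# -- ends option parsing before the file name.
search_hardened() {
    (cd "$workdir" && grep -i -F -e "$1" -- dictionary.txt)
}

input='c secret.txt'   # passes the filter: no ; | or &
if filter_allows "$input"; then
    echo "vulnerable:"; search_vulnerable "$input"
    echo "hardened:";   search_hardened "$input" || echo "(no match)"
fi
```

With more than one file on the command line, grep prefixes each hit with its file name, which is why the vulnerable output also shows which file a line came from.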