Posts Tagged ‘bash’

Server-side security war games: Part 16

This is the last level. We're challenged with an improved version of level 9 -- they've added additional "sanitation" to keep us out.

    if(preg_match('/[;|&`\'"]/',$key)) {
        print "Input contains an illegal character!";
    } else {
        passthru("grep -i \"$key\" dictionary.txt");
    }

(more…)

Server-side security war games: Part 10

Welcome to level 10. "For security reasons, we now filter on certian characters" -- okay they've gotten wise to our little game. But let's check how good their countermeasures are.

Well, they don't allow us to use the semicolon or ampersand any longer. Well that's not a problem, I know other ways to manhandle that command into doing what I want.
(more…)

Server-side security war games: Part 9

In level 9, the "Input secret" form is replaced by one that looks like it is searching for words containing the string you provide. Give it a try, and then look at the code.

Well, this is just grepping through a wordlist, using the POSTed needle as a parameter. Since we control the value of that POSTed variable, we can control the command that gets executed. Now we need to figure out how to use that to our advantage.
(more…)