This is the last level. We’re challenged with an improved version of level 9 – they’ve added additional “sanitation” to keep us out.
if(preg_match('/[;|&`\'"]/',$key)) {
    print "Input contains an illegal character!";
} else {
    passthru("grep -i \"$key\" dictionary.txt");
}
Permanent link for post: /post/natas-16/
Posted: Jul 9, 2013
Tags: bash, infosec, natas, perl, php
In level 14, we see a more traditional username & password form. Let’s check the source code to see if there are holes we can slip through.
Permanent link for post: /post/natas-14/
Posted: Jul 4, 2013
Tags: curl, infosec, natas, php, sql
This is level 13. Looks like they claim to only accept image files, in order to close the flaw we used previously. I bet we can get around that restriction just like we did when they disallowed certain characters in the search term. Let’s examine the code.
Here’s the new part of the code:
if (! exif_imagetype($_FILES['uploadedfile']['tmp_name'])) {
    echo "File is not an image";
}
Permanent link for post: /post/natas-13/
Posted: Jul 2, 2013
Tags: curl, infosec, natas, php
In level 12, we’re given a file upload form. Let’s take a look at the code that processes input.
Permanent link for post: /post/natas-12/
Posted: Jul 1, 2013
Tags: curl, infosec, natas, php
This is level 11. Your clue is that “XOR encryption” is not encryption. Let’s look in the cookies to find out what they have XOR-ed, so we can mess with it.
Permanent link for post: /post/natas-11/
Posted: Jun 28, 2013
Tags: infosec, natas, php
Level 8 shows us another “Input secret” form. Let’s examine the source again. This time, there is an “encoded” secret. Let’s try to reverse engineer this. They’re using bin2hex, strrev, and base64_encode – those are all trivially reversible.
Permanent link for post: /post/natas-8/
Posted: Jun 25, 2013
Tags: php, infosec, natas
On level 6, there is a curious “Input secret” form. I wonder what it does? Well, there is also a “View sourcecode” link, which will presumably show us the source code for that form. Then, we can try to analyze whether it has any weaknesses we can take advantage of.
Permanent link for post: /post/natas-6/
Posted: Jun 22, 2013
Tags: infosec, natas, php
I’m a Perl guy. I like the language a lot – how it looks, how it works… Even if it isn’t perfect, I like it a lot. But I also love things that work, and Wordpress works.
Permanent link for post: /post/omg-is-that-wordpress/
Posted: Jan 29, 2011
Tags: movabletype, perl, php, wordpress