Hashbang.ca

Server-side security war games: Part 16

This is the last level. We’re challenged with an improved version of level 9 – they’ve added additional “sanitation” to keep us out.

    if(preg_match('/[;|&`\'"]/',$key)) {
        print "Input contains an illegal character!";
    } else {
        passthru("grep -i \"$key\" dictionary.txt");
    }

Read More...
Permanent link for post: /post/natas-16/
Posted: Jul 9, 2013
Tags: bash  infosec  natas  perl  php 

Server-side security war games: Part 14

In level 14, we see a more traditional username & password form. Let’s check the source code to see if there are holes we can slip through.

Read More...
Permanent link for post: /post/natas-14/
Posted: Jul 4, 2013
Tags: curl  infosec  natas  php  sql 

Server-side security war games: Part 13

This is level 13. Looks like they claim to only accept image files, in order to close the flaw we used previously. I bet we can get around that restriction just like we did when they disallowed certain characters in the search term. Let’s examine the code.

Here’s the new part of the code:

    if (! exif_imagetype($_FILES['uploadedfile']['tmp_name'])) {
        echo "File is not an image";
    }

Read More...
Permanent link for post: /post/natas-13/
Posted: Jul 2, 2013
Tags: curl  infosec  natas  php

Server-side security war games: Part 12

In level 12, we’re given a file upload form. Let’s take a look at the code that processes input.

Read More...
Permanent link for post: /post/natas-12/
Posted: Jul 1, 2013
Tags: curl  infosec  natas  php 

Server-side security war games: Part 11

This is level 11. Your clue is that “XOR encryption” is not encryption. Let’s look in the cookies to find out what they have XOR-ed, so we can mess with it.

Read More...
Permanent link for post: /post/natas-11/
Posted: Jun 28, 2013
Tags: infosec  natas  php 

Server-side security war games: Part 8

Level 8 shows us another “Input secret” form. Let’s examine the source again. This time, there is an “encoded” secret. Let’s try to reverse engineer this. They’re using bin2hex, strrev, and base64_encode – those are all trivially reversible.

Read More...
Permanent link for post: /post/natas-8/
Posted: Jun 25, 2013
Tags: php  infosec  natas 

Server-side security war games: Part 6

On level 6, there is a curious “Input secret” form. I wonder what it does? Well, there is also a “View sourcecode” link, which will presumably show us the source code for that form. Then, we can try to analyze whether it has any weaknesses we can take advantage of.

Read More...
Permanent link for post: /post/natas-6/
Posted: Jun 22, 2013
Tags: infosec  natas  php 

OMG, is that WordPress?!

I’m a Perl guy. I like the language a lot – how it looks, how it works… Even if it isn’t perfect, I like it a lot. But I also love things that work, and WordPress works.

Read More...
Permanent link for post: /post/omg-is-that-wordpress/
Posted: Jan 29, 2011
Tags: movabletype  perl  php  wordpress 

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 License.