OverTheWire - Natas - Level 9 → Level 10
1.) you want to see a possible alternative solution or
2.) you are stuck and need a hint!
Login using given credentials.
Relevant code from the site sourcecode:
This sourcecode is similar to the one from the last
level and so also vulnerable to Code Injection
. The difference is, that the characters
& are not allowed. This means, no simple Linux command chaining is possible. There are certainly many ways to solve this level.
The simplest solution would be using the available options of
grep. A look into the man page gave me an idea.
grep command is executed, the invert match option could help. Passing a simple non-mixalpha-numeric character should list everything found in the files passed to
grep. Why non-mixalpha-numeric? Because the password can contain at least one of these mixalpha-numeric characters: a-zA-Z0-9
Putting everything together results in following command:
grep -i -v - /etc/natas_webpass/natas11 dictionary.txt
The non-mixalpha-numeric character used here is a simple dash.