728x90
http://natas23.natas.labs.overthewire.org/index.php
natas23/D0vlad33nQF0Hz2EP255TP5wSW9ZsRSE로 로그인
패스워드를 입력할 수 있게 되어 있다.
소스코드를 확인해보았다.
<html>
<head>
<!-- This stuff in the header has nothing to do with the level -->
<link rel="stylesheet" type="text/css" href="http://natas.labs.overthewire.org/css/level.css">
<link rel="stylesheet" href="http://natas.labs.overthewire.org/css/jquery-ui.css" />
<link rel="stylesheet" href="http://natas.labs.overthewire.org/css/wechall.css" />
<script src="http://natas.labs.overthewire.org/js/jquery-1.9.1.js"></script>
<script src="http://natas.labs.overthewire.org/js/jquery-ui.js"></script>
<script src="http://natas.labs.overthewire.org/js/wechall-data.js"></script><script src="http://natas.labs.overthewire.org/js/wechall.js"></script>
<script>var wechallinfo = { "level": "natas23", "pass": "<censored>" };</script></head>
<body>
<h1>natas23</h1>
<div id="content">
Password:
<form name="input" method="get">
<input type="text" name="passwd" size=20>
<input type="submit" value="Login">
</form>
<?php
if(array_key_exists("passwd",$_REQUEST)){
if(strstr($_REQUEST["passwd"],"iloveyou") && ($_REQUEST["passwd"] > 10 )){
echo "<br>The credentials for the next level are:<br>";
echo "<pre>Username: natas24 Password: <censored></pre>";
}
else{
echo "<br>Wrong!<br>";
}
}
// morla / 10111
?>
<div id="viewsource"><a href="index-source.html">View sourcecode</a></div>
</div>
</body>
</html>입력한 패스워드(passwd)에 "iloveyou"가 존재하는지, passwd가 10보다 큰지 체크한다.
10보다 큰 값에, "iloveyou"라는 문자열을 포함해야 하므로 "11iloveyou"라고 입력해주었다.
패스워드가 확인된다.
Password: OsRmXFguozKpTZZ5X14zNO43379LZveg
728x90
'WEB > Natas' 카테고리의 다른 글
| [Natas] Level 24 → Level 25 (0) | 2021.08.12 |
|---|---|
| [Natas] Level 23 → Level 24 (0) | 2021.08.04 |
| [Natas] Level 21 → Level 22 (0) | 2021.07.21 |
| [Natas] Level 20 → Level 21 (0) | 2021.07.08 |
| [Natas] Level 19 → Level 20 (0) | 2021.07.08 |