[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <000701c3980b$6f8bc900$050010ac@Estila>
From: lorenzohgh at nsrg-security.com (Lorenzo Hernandez Garcia-Hierro)
Subject: Tanato WarGame , notes and news
Dear Mark,
There is a file useful for something , it is the way to bypass the
authentication.
imagine how to include the file for use as auth data this:
username password
USEFUL FOR SOMETHING , IT IS AN EASY LEVEL.... ;-)
so , try to do a little research in the next level,
there is a lot of info that is really useful ( xD ) for the NGSec.
best regards,
PS: Mark , remember that you can include any local file , you have the
example auth data file with example username and password , so , use it for
authenticate ;-)
----- Original Message -----
From: "Bassett, Mark" <mbassett@...ha.com>
To: "Lorenzo Hernandez Garcia-Hierro" <lorenzohgh@...g-security.com>
Sent: Tuesday, October 21, 2003 8:48 PM
Subject: RE: [Full-Disclosure] Tanato WarGame , notes and news
> I had a question for you about the NGsec wargame. I assume that you
> played it and reached the last level, well I am stuck on level 4. It's
> the "tricky php auth"
> I tried to use 127.0.0.1 and localhost from the /etc/host file like so--
> http://quiz.ngsec.biz:8080/game1/level4/validate_tryforfun.php?login=127
> .0.0.1&password=localhost&auth_file=%2Fetc%2Fhosts
> but its not working for me.
>
> This is their pseudo code
>
> <?php
>
> $fd=@...en($auth_file,"r");
> if ($fd==FALSE) {
>
> echo "Error: fopen() failed opening $auth_file\n";
>
> } else {
>
> fscanf($fd,"%s %s",$valid_user,$valid_pass);
> fclose($fd);
>
> if (($login==$valid_user) && ($password==$valid_pass) &&
> ($login!="") && ($password!="")) {
>
> // AUTHENTICATION COMPLETED
>
> } else {
>
> // AUTHENTICATION ERROR
>
> }
> }
>
> ?>
>
> Which seems to me like it will only grab the FIRST value. Which in most
> /etc/hosts files is a comment. I even put this code into a php page and
> ran it, it always shows me username # password "" which won't go past
> the if statement. If it was a while loop pulling multiple user/pass
> from that file it would work perfectly, I tested the damn thing.
>
> Could you gimme a little help? :)
>
>
> Mark Bassett
> Network Administrator
> World media company
> Omaha.com
> 402-898-2079
>
>
> -----Original Message-----
> From: Lorenzo Hernandez Garcia-Hierro
> [mailto:lorenzohgh@...g-security.com]
> Sent: Monday, October 20, 2003 3:05 PM
> To: Full-Disclosure
> Subject: [Full-Disclosure] Tanato WarGame , notes and news
>
> Hi there friends,
> Umm , this time i have a really good news for you:
> Tanato ( NSRG-Security wargame ) is..... not completely but , okay ,
> finished.
> i'm making the final sets and corrections.
> The system is not completely active but you can have an idea of the
> project
> in:
> http://tanato.nsrg-security.com
> Sections not activated:
> - Register
> - User Zone
> - Ranking
> - Login form
> Sections activated:
> - News
> - Info
> -Etc
> It is completely designed in PHP and MySQL , by hand ;-)
> i have used some sections of the official php manual.
> The user control system is in testing mode and not active,
> it uses simple session management and mysql backend ( xD ).
> For register into the wargame you need to pass a training level ( level
> "zer0" )but it is not online.
> i have 40 levels for upload and test , so , be patient,
> any suggestion will be accepted and appreciated.
> The best regards for all the wonderful people in this list ( no
> exceptions
> ;-),
> -------------------------------
> 0x00->Lorenzo Hernandez Garcia-Hierro
> 0x01->/* not csh but sh */
> 0x02->$ PATH=pretending!/usr/ucb/which sense
> 0x03-> no sense in pretending!
> __________________________________
> PGP: Keyfingerprint
> 4ACC D892 05F9 74F1 F453 7D62 6B4E B53E 9180 5F5B
> ID: 0x91805F5B
> **********************************
> No Secure Root Group Security Research Team
> http://www.nsrg-security.com
> ______________________
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
>
> ************************************************************
> Omaha World-Herald Company computer systems are for business use only.
> This e-mail was scanned by MailSweeper
> ************************************************************
>
>
>
Powered by blists - more mailing lists