Joshua Cruz

Natas Level 9 → Level 10

August 19, 2019

Main page

Logging into natas9, we see that when we enter a word into the text field, the page outputs all the words that contain it.

natas9 start

Along with that, we are again greeted with the source code that the lab provides us.

Source Code

Viewing the source code, we can see that it is yet again PHP code that takes the word entered in the text field and checks whether it is in the dictionary.txt file.

natas9 source code

Dictionary.txt

Here I look around in the text file and look directly for the word needle because that's what the source code hints at.

natas9 needle

Password

Looking again at the source code, the passthru function looks interesting. It is described as a function that is used to execute a command. Since the word from the text field becomes part of that command, we can inject a command in the text field.

natas9 password

And like that, we get the password for the next level.
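
Why passthru is the weak point here, and how the same lookup can be written safely, shown as an added example (this is not the lab's source code). It assumes the lookup is a grep over dictionary.txt; the function names, the sample dictionary and the sample inputs are constructed for illustration.

```php
<?php
// Constructed sample data standing in for the lab's dictionary.txt.
$dict = sys_get_temp_dir() . '/dictionary.txt';
file_put_contents($dict, "needle\nneedles\nhaystack\n");

// Vulnerable pattern (defined for comparison, never called below):
// the input is interpolated into a shell command line, so characters
// such as ; | & $ ` in $key are interpreted by the shell, not by grep.
function search_vulnerable(string $key, string $dict): void {
    passthru("grep -i $key $dict");
}

// Hardened, option 1: keep grep, but pass the input as one quoted argument.
// escapeshellarg() single-quotes the value, "--" stops a key that starts
// with "-" from being parsed as a grep option, and -F matches the key as a
// fixed string instead of a regular expression.
function search_escaped(string $key, string $dict): void {
    passthru('grep -i -F -- ' . escapeshellarg($key) . ' ' . escapeshellarg($dict));
}

// Hardened, option 2: no shell at all. The dictionary is read in PHP and
// matched with stripos(), so there is no command line to inject into.
function search_native(string $key, string $dict): array {
    $hits = [];
    if ($key === '') {
        return $hits;
    }
    foreach (file($dict, FILE_IGNORE_NEW_LINES) as $line) {
        if (stripos($line, $key) !== false) {
            $hits[] = $line;
        }
    }
    return $hits;
}

// Constructed inputs: a normal word, and a word followed by shell syntax.
$inputs = ['needle', 'needle; echo INJECTED'];

foreach ($inputs as $input) {
    echo "input: $input\n";
    echo "  grep with escaped argument:\n";
    search_escaped($input, $dict);   // second input is one literal string
    echo "  native search: " . json_encode(search_native($input, $dict)) . "\n";
}
```

With either hardened version the second input is searched for as a literal string and matches nothing, because no shell ever parses it.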