Full Disclosure mailing list archives
Re: Tanato WarGame , notes and news
From: "Lorenzo Hernandez Garcia-Hierro" <lorenzohgh () nsrg-security com>
Date: Tue, 21 Oct 2003 21:42:16 +0200
Dear Mark, There is a file useful for something , it is the way to bypass the authentication. imagine how to include the file for use as auth data this: username password USEFUL FOR SOMETHING , IT IS AN EASY LEVEL.... ;-) so , try to do a little research in the next level, there is a lot of info that is really useful ( xD ) for the NGSec. best regards, PS: Mark , remember that you can include any local file , you have the example auth data file with example username and password , so , use it for authenticate ;-) ----- Original Message ----- From: "Bassett, Mark" <mbassett () omaha com> To: "Lorenzo Hernandez Garcia-Hierro" <lorenzohgh () nsrg-security com> Sent: Tuesday, October 21, 2003 8:48 PM Subject: RE: [Full-disclosure] Tanato WarGame , notes and news
I had a question for you about the NGsec wargame. I assume that you played it and reached the last level, well I am stuck on level 4. It's the "tricky php auth" I tried to use 127.0.0.1 and localhost from the /etc/host file like so-- http://quiz.ngsec.biz:8080/game1/level4/validate_tryforfun.php?login=127 .0.0.1&password=localhost&auth_file=%2Fetc%2Fhosts but its not working for me. This is their pseudo code <?php $fd=@fopen($auth_file,"r"); if ($fd==FALSE) { echo "Error: fopen() failed opening $auth_file\n"; } else { fscanf($fd,"%s %s",$valid_user,$valid_pass); fclose($fd); if (($login==$valid_user) && ($password==$valid_pass) && ($login!="") && ($password!="")) { // AUTHENTICATION COMPLETED } else { // AUTHENTICATION ERROR } } ?> Which seems to me like it will only grab the FIRST value. Which in most /etc/hosts files is a comment. I even put this code into a php page and ran it, it always shows me username # password "" which won't go past the if statement. If it was a while loop pulling multiple user/pass from that file it would work perfectly, I tested the damn thing. Could you gimme a little help? :) Mark Bassett Network Administrator World media company Omaha.com 402-898-2079 -----Original Message----- From: Lorenzo Hernandez Garcia-Hierro [mailto:lorenzohgh () nsrg-security com] Sent: Monday, October 20, 2003 3:05 PM To: Full-Disclosure Subject: [Full-disclosure] Tanato WarGame , notes and news Hi there friends, Umm , this time i have a really good news for you: Tanato ( NSRG-Security wargame ) is..... not completely but , okay , finished. i'm making the final sets and corrections. The system is not completely active but you can have an idea of the project in: http://tanato.nsrg-security.com Sections not activated: - Register - User Zone - Ranking - Login form Sections activated: - News - Info -Etc It is completely designed in PHP and MySQL , by hand ;-) i have used some sections of the official php manual. The user control system is in testing mode and not active, it uses simple session management and mysql backend ( xD ). For register into the wargame you need to pass a training level ( level "zer0" )but it is not online. i have 40 levels for upload and test , so , be patient, any suggestion will be accepted and appreciated. The best regards for all the wonderful people in this list ( no exceptions ;-), ------------------------------- 0x00->Lorenzo Hernandez Garcia-Hierro 0x01->/* not csh but sh */ 0x02->$ PATH=pretending!/usr/ucb/which sense 0x03-> no sense in pretending! __________________________________ PGP: Keyfingerprint 4ACC D892 05F9 74F1 F453 7D62 6B4E B53E 9180 5F5B ID: 0x91805F5B ********************************** No Secure Root Group Security Research Team http://www.nsrg-security.com ______________________ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html ************************************************************ Omaha World-Herald Company computer systems are for business use only. This e-mail was scanned by MailSweeper ************************************************************
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Tanato WarGame , notes and news Lorenzo Hernandez Garcia-Hierro (Oct 20)
- <Possible follow-ups>
- Re: Tanato WarGame , notes and news Lorenzo Hernandez Garcia-Hierro (Oct 21)
- Re: NGSEC's SG #1 [SPOILER] (was: Tanato WarGame , notes and news) Martin Schuster (Oct 22)