Full Disclosure mailing list archives

Re: Tanato WarGame , notes and news


From: "Lorenzo Hernandez Garcia-Hierro" <lorenzohgh () nsrg-security com>
Date: Tue, 21 Oct 2003 21:42:16 +0200

Dear Mark,
There is a file useful for something: it is the way to bypass the
authentication.
Imagine how to include a file for use as auth data like this:
username password
USEFUL FOR SOMETHING, IT IS AN EASY LEVEL.... ;-)
So, try to do a little research in the next level;
there is a lot of info that is really useful ( xD ) for the NGSec.
Best regards,
PS: Mark, remember that you can include any local file; you have the
example auth data file with example username and password, so use it to
authenticate ;-)
----- Original Message ----- 
From: "Bassett, Mark" <mbassett () omaha com>
To: "Lorenzo Hernandez Garcia-Hierro" <lorenzohgh () nsrg-security com>
Sent: Tuesday, October 21, 2003 8:48 PM
Subject: RE: [Full-disclosure] Tanato WarGame , notes and news


I had a question for you about the NGsec wargame.  I assume that you
played it and reached the last level, well I am stuck on level 4.  It's
the "tricky php auth"
I tried to use 127.0.0.1 and localhost from the /etc/hosts file like so--
http://quiz.ngsec.biz:8080/game1/level4/validate_tryforfun.php?login=127.0.0.1&password=localhost&auth_file=%2Fetc%2Fhosts
but it's not working for me.

This is their pseudo code

<?php

   // $auth_file, $login and $password are request parameters (see the URL above)
   $fd=@fopen($auth_file,"r");
   if ($fd==FALSE) {

      echo "Error: fopen() failed opening $auth_file\n";

   } else {

      // reads the first two whitespace-separated tokens of the first line
      fscanf($fd,"%s %s",$valid_user,$valid_pass);
      fclose($fd);

      if (($login==$valid_user) && ($password==$valid_pass) &&
          ($login!="") && ($password!="")) {

         // AUTHENTICATION COMPLETED

      } else {

         // AUTHENTICATION ERROR

      }
   }

?>

Which seems to me like it will only grab the FIRST value.  Which in most
/etc/hosts files is a comment.  I even put this code into a PHP page and
ran it; it always shows me username # password "", which won't go past
the if statement.  If it was a while loop pulling multiple user/pass
from that file it would work perfectly; I tested the damn thing.

Could you gimme a little help? :)


Mark Bassett
Network Administrator
World media company
Omaha.com
402-898-2079


-----Original Message-----
From: Lorenzo Hernandez Garcia-Hierro
[mailto:lorenzohgh () nsrg-security com]
Sent: Monday, October 20, 2003 3:05 PM
To: Full-Disclosure
Subject: [Full-disclosure] Tanato WarGame , notes and news

Hi there friends,
Umm, this time I have really good news for you:
Tanato ( NSRG-Security wargame ) is..... not completely but, okay,
finished.
I'm making the final sets and corrections.
The system is not completely active but you can get an idea of the
project in:
http://tanato.nsrg-security.com
Sections not activated:
- Register
- User Zone
- Ranking
- Login form
Sections activated:
- News
- Info
- Etc
It is completely designed in PHP and MySQL, by hand ;-)
I have used some sections of the official PHP manual.
The user control system is in testing mode and not active;
it uses simple session management and a MySQL backend ( xD ).
To register for the wargame you need to pass a training level ( level
"zer0" ), but it is not online.
I have 40 levels to upload and test, so be patient;
any suggestion will be accepted and appreciated.
Best regards to all the wonderful people on this list ( no
exceptions ;-),
-------------------------------
0x00->Lorenzo Hernandez Garcia-Hierro
0x01->/* not csh but sh */
0x02->$ PATH=pretending!/usr/ucb/which sense
0x03-> no sense in pretending!
__________________________________
PGP: Keyfingerprint
4ACC D892 05F9 74F1 F453  7D62 6B4E B53E 9180 5F5B
ID: 0x91805F5B
**********************************
No Secure Root Group Security Research Team
http://www.nsrg-security.com
______________________


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
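
The flaw in the level-4 pseudo code quoted above, next to a hardened form, as an added example (not part of the original e-mails and not NGSec's code). The function names, file names, the `user:hash` store format and the credentials are all constructed for the demonstration.

```php
<?php
// Added example, not NGSec's code; file names and credentials are constructed.

// The level's check as a function: the request names the credential file.
function check_vulnerable(string $authFile, string $login, string $password): bool
{
    $fd = @fopen($authFile, 'r');
    if ($fd === false) {
        return false;
    }
    fscanf($fd, "%s %s", $validUser, $validPass); // first two tokens of line 1
    fclose($fd);
    return $login == $validUser && $password == $validPass
        && $login != "" && $password != "";
}

// Hardened: fixed server-side store of "user:hash" lines, strict comparisons.
define('AUTH_STORE', sys_get_temp_dir() . '/demo_auth_store.txt'); // constructed

function check_hardened(string $login, string $password): bool
{
    $lines = @file(AUTH_STORE, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
    if ($lines === false || $login === '' || $password === '') {
        return false;
    }
    foreach ($lines as $line) {
        $parts = explode(':', $line, 2);
        if (count($parts) === 2 && hash_equals($parts[0], $login)) {
            return password_verify($password, $parts[1]);
        }
    }
    return false;
}

// Constructed demo data: an unrelated readable file and the real store.
$other = sys_get_temp_dir() . '/demo_readme.txt';
file_put_contents($other, "hello world\nnot a credential file\n");
file_put_contents(AUTH_STORE, 'alice:' . password_hash('s3cret-demo', PASSWORD_DEFAULT) . "\n");

// The original check accepts the first two tokens of whatever file it is pointed at.
var_dump(check_vulnerable($other, 'hello', 'world'));
// The hardened check ignores caller-named files and verifies against the store.
var_dump(check_hardened('hello', 'world'));
var_dump(check_hardened('alice', 's3cret-demo'));

unlink($other);
unlink(AUTH_STORE);
```

Run from the command line, the three calls print true, false and true: the same login and password that pass against the unrelated file are rejected once the store location is no longer request-controlled.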

