- BUGS AND LIMITATIONS
- COPYRIGHT AND LICENSE
Hack::Natas::15 - solve level 15 of the Natas server-side security war games
This class will solve level 15.
Does an HTTP GET of the resource described by the key-value pairs, and parses the response. If it contains the string
This user exists, then return true; if it contains
This user doesn't exist, then return false.
Although we suspect that the password is 32 characters long, we can verify our assumption with an SQL injection. This does a search for the password length (which ends up being 32, so I have restricted the search space to avoid wasting time).
Given the current position in the password, guesses the next character by iterating through the alphabet doing a case-insensitive search. If a letter matches, then do a single case-sensitive search to verify the case. Returns the found character.
Runs the typical search, as implemented by Hack::Natas::IncrementalSearch, but then verifies the whole password in a single shot, using a case-sensitive comparison.
The project homepage is https://hashbang.ca/tag/natas.
The latest version of this module is available from the Comprehensive Perl Archive Network (CPAN). Visit http://www.perl.com/CPAN/ to find a CPAN site near you, or see https://metacpan.org/module/Hack::Natas/.
You can make new bug reports, and view existing ones, through the web interface at https://github.com/doherty/Hack-Natas/issues.
Mike Doherty <firstname.lastname@example.org>
This software is copyright (c) 2013 by Mike Doherty.
This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.