Hack::Natas::15 - solve level 15 of the Natas server-side security war games
version 0.003
This class will solve level 15.
Does an HTTP GET of the resource described by the key-value pairs, and parses the response. If it contains the string This user exists, then return true; if it contains This user doesn't exist, then return false.
This user exists
This user doesn't exist
Although we suspect that the password is 32 characters long, we can verify our assumption with an SQL injection. This does a search for the password length (which ends up being 32, so I have restricted the search space to avoid wasting time).
Given the current position in the password, guesses the next character by iterating through the alphabet doing a case-insensitive search. If a letter matches, then do a single case-sensitive search to verify the case. Returns the found character.
Runs the typical search, as implemented by Hack::Natas::IncrementalSearch, but then verifies the whole password in a single shot, using a case-sensitive comparison.
The project homepage is https://hashbang.ca/tag/natas.
The latest version of this module is available from the Comprehensive Perl Archive Network (CPAN). Visit http://www.perl.com/CPAN/ to find a CPAN site near you, or see https://metacpan.org/module/Hack::Natas/.
The development version is on github at http://github.com/doherty/Hack-Natas and may be cloned from git://github.com/doherty/Hack-Natas.git
You can make new bug reports, and view existing ones, through the web interface at https://github.com/doherty/Hack-Natas/issues.
Mike Doherty <doherty@cpan.org>
This software is copyright (c) 2013 by Mike Doherty.
This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.
To install Hack::Natas, copy and paste the appropriate command in to your terminal.
cpanm
cpanm Hack::Natas
CPAN shell
perl -MCPAN -e shell install Hack::Natas
For more information on module installation, please visit the detailed CPAN module installation guide.