Dear Mark, There is a file useful for something , it is the way to bypass the authentication. imagine how to include the file for use as auth data this: username password USEFUL FOR SOMETHING , IT IS AN EASY LEVEL.... ;-) so , try to do a little research in the next level, there is a lot of info that is really useful ( xD ) for the NGSec. best regards, PS: Mark , remember that you can include any local file , you have the example auth data file with example username and password , so , use it for authenticate ;-) ----- Original Message ----- From: "Bassett, Mark" <[EMAIL PROTECTED]> To: "Lorenzo Hernandez Garcia-Hierro" <[EMAIL PROTECTED]> Sent: Tuesday, October 21, 2003 8:48 PM Subject: RE: [Full-Disclosure] Tanato WarGame , notes and news
> I had a question for you about the NGsec wargame. I assume that you > played it and reached the last level, well I am stuck on level 4. It's > the "tricky php auth" > I tried to use 127.0.0.1 and localhost from the /etc/host file like so-- > http://quiz.ngsec.biz:8080/game1/level4/validate_tryforfun.php?login=127 > .0.0.1&password=localhost&auth_file=%2Fetc%2Fhosts > but its not working for me. > > This is their pseudo code > > <?php > > [EMAIL PROTECTED]($auth_file,"r"); > if ($fd==FALSE) { > > echo "Error: fopen() failed opening $auth_file\n"; > > } else { > > fscanf($fd,"%s %s",$valid_user,$valid_pass); > fclose($fd); > > if (($login==$valid_user) && ($password==$valid_pass) && > ($login!="") && ($password!="")) { > > // AUTHENTICATION COMPLETED > > } else { > > // AUTHENTICATION ERROR > > } > } > > ?> > > Which seems to me like it will only grab the FIRST value. Which in most > /etc/hosts files is a comment. I even put this code into a php page and > ran it, it always shows me username # password "" which won't go past > the if statement. If it was a while loop pulling multiple user/pass > from that file it would work perfectly, I tested the damn thing. > > Could you gimme a little help? :) > > > Mark Bassett > Network Administrator > World media company > Omaha.com > 402-898-2079 > > > -----Original Message----- > From: Lorenzo Hernandez Garcia-Hierro > [mailto:[EMAIL PROTECTED] > Sent: Monday, October 20, 2003 3:05 PM > To: Full-Disclosure > Subject: [Full-Disclosure] Tanato WarGame , notes and news > > Hi there friends, > Umm , this time i have a really good news for you: > Tanato ( NSRG-Security wargame ) is..... not completely but , okay , > finished. > i'm making the final sets and corrections. > The system is not completely active but you can have an idea of the > project > in: > http://tanato.nsrg-security.com > Sections not activated: > - Register > - User Zone > - Ranking > - Login form > Sections activated: > - News > - Info > -Etc > It is completely designed in PHP and MySQL , by hand ;-) > i have used some sections of the official php manual. > The user control system is in testing mode and not active, > it uses simple session management and mysql backend ( xD ). > For register into the wargame you need to pass a training level ( level > "zer0" )but it is not online. > i have 40 levels for upload and test , so , be patient, > any suggestion will be accepted and appreciated. > The best regards for all the wonderful people in this list ( no > exceptions > ;-), > ------------------------------- > 0x00->Lorenzo Hernandez Garcia-Hierro > 0x01->/* not csh but sh */ > 0x02->$ PATH=pretending!/usr/ucb/which sense > 0x03-> no sense in pretending! > __________________________________ > PGP: Keyfingerprint > 4ACC D892 05F9 74F1 F453 7D62 6B4E B53E 9180 5F5B > ID: 0x91805F5B > ********************************** > No Secure Root Group Security Research Team > http://www.nsrg-security.com > ______________________ > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html > > > ************************************************************ > Omaha World-Herald Company computer systems are for business use only. > This e-mail was scanned by MailSweeper > ************************************************************ > > > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
