The application we’ve seen in previous challenges is now filtering even more characters. No command injection through the common ones like backticks, ampersands or semi-colons. How do we know which characters are allowed? And how do we produce a working attack which will reveal the next password? That’s what I’ve got in store for you in this video.
In these video series I am running through the Overthewire.org Natas wargame. It’s all about web hacking and shows an array of different web vulnerabilities for us to practice on. This video features Natas16.
If you liked it, or you want more, let me know. Subscribe for updates to my channel.
You can check out my twitter account here for updates: https://twitter.com/ChrisADale
Interested in hiring my team and I for consulting? Check us out at https://riversecurity.eu/
I’m also a SANS certified instructor, and you can come to my classes. Check out my schedule here: https://www.sans.org/instructors/chris-dale