http://www.exploit-exercises.com/nebula/level16
About
There is a perl script running on port 1616.
To do this level, log in as the level16 account with the password level16 . Files for this level can be found in /home/flag16.
1#!/usr/bin/env perl
2
3use CGI qw{param};
4
5print "Content-type: text/html\n\n";
6
7sub login {
8 $username = $_[0];
9 $password = $_[1];
10
11 $username =~ tr/a-z/A-Z/; # conver to uppercase
12 $username =~ s/\s.*//; # strip everything after a space
13
14 @output = `egrep "^$username" /home/flag16/userdb.txt 2>&1`;
15 foreach $line (@output) {
16 ($usr, $pw) = split(/:/, $line);
17
18
19 if($pw =~ $password) {
20 return 1;
21 }
22 }
23
24 return 0;
25}
26
27sub htmlz {
28 print("<html><head><title>Login resuls</title></head><body>");
29 if($_[0] == 1) {
30 print("Your login was accepted<br/>");
31 } else {
32 print("Your login failed<br/>");
33 }
34 print("Would you like a cookie?<br/><br/></body></html>\n");
35}
36
37htmlz(login(param("username"), param("password")));
38