NAME
Hack::Natas::15 - solve level 15 of the Natas server-side security war games
VERSION
version 0.003
DESCRIPTION
This class will solve level 15.
METHODS
response_to_boolean
Does an HTTP GET of the resource described by the key-value pairs, and parses the response. If it contains the string This user exists
, then return true; if it contains This user doesn't exist
, then return false.
get_password_length
Although we suspect that the password is 32 characters long, we can verify our assumption with an SQL injection. This does a search for the password length (which ends up being 32, so I have restricted the search space to avoid wasting time).
guess_next_char
Given the current position in the password, guesses the next character by iterating through the alphabet doing a case-insensitive search. If a letter matches, then do a single case-sensitive search to verify the case. Returns the found character.
run
Runs the typical search, as implemented by Hack::Natas::IncrementalSearch, but then verifies the whole password in a single shot, using a case-sensitive comparison.
AVAILABILITY
The project homepage is https://hashbang.ca/tag/natas.
The latest version of this module is available from the Comprehensive Perl Archive Network (CPAN). Visit http://www.perl.com/CPAN/ to find a CPAN site near you, or see https://metacpan.org/module/Hack::Natas/.
SOURCE
The development version is on github at http://github.com/doherty/Hack-Natas and may be cloned from git://github.com/doherty/Hack-Natas.git
BUGS AND LIMITATIONS
You can make new bug reports, and view existing ones, through the web interface at https://github.com/doherty/Hack-Natas/issues.
AUTHOR
Mike Doherty <doherty@cpan.org>
COPYRIGHT AND LICENSE
This software is copyright (c) 2013 by Mike Doherty.
This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.