This one frustrated me because I’m fairly certain that I have a valid answer, but the backend code is obviously looking for a certain solution and filtering mine out. This level is very similar to the one prior, but now it’s blacklisting certain characters, namely “& | ;”. This effectively stops us from chainning together commands. I came up with the following solution: -v stuff <(cat /etc/natas_webpass/natas11) |
Substituted into the full string, it would look like this: grep -i -v stuff <(cat /etc/natas_webpass/natas11) dictionary.txt
. The -v flag tells grep to invert the matching logic, and would give us everything that doesn’t match “stuff”. It’s going the search the contents from the command that’s being redirected to it, which would be the contents of the next password. Based on some experimentation on my command line locally, I think that this would work, but the actual page didn’t return any results.
Apparently though, I was overthinking it. I don’t even need a command to cat the contents of the file, I can just tell grep to look there directly. I feel kind of silly now…
Entering -v stuff /etc/natas_webpass/natas11
will actually do what we need.