Posts

Showing posts from October, 2020

OverTheWire Natas Level 8 Walkthrough

Today we're doing a walkthrough of level 8 of the Natas CTF wargame hosted at: http://natas8.natas.labs.overthewire.org In order to access the level, we will need to authenticate into the webpage by providing the current level of the game as the username (natas8) and the password we obtained from the previous level as the password.  After we've authenticated into the page, we see this: It looks like we will need to provide the form with the right string to get the password for the next level.  Let's take a look at the sourcecode link in the corner: http://natas8.natas.labs.overthewire.org/index-source.html According to the source code, the $encodedSecret string is transformed by the encodeSecret function, and if the string we submit to the form matches the transformed $encodedSecret, then the password for natas9 will be displayed. The $encodedSecret is first encoded into base64, then the string is reversed, and the reversed string is converted from binary to hex format. So,...

OverTheWire Natas Level 7 Walkthrough

Today we're doing a walkthrough for level 7 of the Natas CTF wargame series located at: http://natas7.natas.labs.overthewire.org As usual, the webpage requires us to authenticate in order to load the page, using the name of the current level (natas7) as the user name, and the password gained from previous level as the password.  Once authenticated in, we see this: Not much to go on here, so we take a look at the source for the webpage. view-source:http://natas7.natas.labs.overthewire.org/ So we're essentially given the location where we can get the password for the next level, but navigating to http://natas7/natas.labs.overthewire.org/etc/natas_webpass/natas8 doesn't get us anywhere. Instead, we take a look at the "About" link located at the first webpage we landed on. http://natas7.natas.labs.overthewire.org/index.php?page=about If we look at the address bar after navigating to this page, we see that the php page that we see is represented in the URL itself.  So l...

My Experience with eLearnSecurity's PTS course and the eJPT Certification Exam

Introduction

I've been home-schooling myself in penetration testing skills and exercises for the last several months, but I only started thinking about going out for certifications in the last few weeks or so.  I'd done a bit of research on different beginner certifications from YouTube videos and various blogs, and it seemed like the eLearnSecurity courses were pretty well regarded and reviewed from a learning standpoint, but lacked a bit in recognition from HR hiring managers.  I picked up the PTSv4 (Penetration Testing Student version 4) course from eLearnSecurity in September when I saw that their courses were on sale with big discounts, so I took that as the sign to finally go for my first certification.

Thoughts on the Course

The PTSv4 is a really great course for new students looking to get into the industry, because it covers a lot of pre-requisite skills required for penetration testing, such as networking concepts, html requests, navigating in a Linux environment, p...

OverTheWire Natas Level 6 Walkthrough

Today we're doing a walkthrough of level 6 of the Natas CTF wargame hosted at: http://natas6.natas.labs.overthewire.org We will need to authenticate into the webpage, using the current level (natas6) as the username and the password we captured in the last level as the password.  Once authenticated, we see this webpage: It looks like this webpage form wants us to input a specific string.  Let's take a look at the "view sourcecode" link. http://natas6.natas.labs.overthewire.org/index-source.html The source indicates that the page will print out the password for natas7 if the query string that we post to the page is identical to a variable named $secret, which we assume is generated by the secret.inc file located in the /includes/ directory.  Let's navigate to that page and see what's there. http://natas6.natas.labs.overthewire.org/includes/secret.inc Nothing here, but let's check out the page source. view-source:http://natas6.natas.labs.overthewire.org/...

OverTheWire Natas Level 5 Walkthrough

Today we're doing a walkthrough for level 5 of the Natas CTF wargame, hosted at: http://natas5.natas.labs.overthewire.org As usual, you will need to authenticate into the webpage using the current level of the game as the username (natas5) and the password we got from the previous level as the password.  Once authenticated, we see this webpage: Whether or not a webpage user is logged in is usually indicated by session cookies, so let's take a look at what cookies we have for this webpage in our web browser settings.  Using Firefox, we click on the three-line menu button and select Developer Tools, then Storage Inspector: three-line menu -> Developer Tools -> Storage Inspector. From there, we see that there's a loggedIn cookie associated with the Natas5 webpage, that is set to 0 . We can then set the value of the loggedIn cookie to 1 , then refresh the page: set loggedIn cookie Value to 1 -> refresh Natas5 webpage. Summary Natas5 ...

OverTheWire Natas Level 4 Walkthrough

Today we're doing level 4 of the Natas series of CTF wargames hosted at: http://natas4.natas.labs.overthewire.org As usual we will need to authenticate into this webpage, using the current level of the Natas game (natas4) as the username, and the password we got from the previous level as the password.  Once authenticated, we see this: It looks like the difficulty of the Natas levels has gone beyond the point where we can solve the levels without other tools.  In this case, we will have to send modified HTTP requests to the natas4 website, which we will do with the OWASP ZAP program.  In this case, the website will only log us in if we are referred to this page by the Natas5 webpage.  Teaching how to install and configure OWASP ZAP is out of scope for this walkthrough, but there are a lot of tutorials out there that can teach us how to do that. So we'll start up OWASP ZAP, make sure our web browser is using the correct proxy port, then start intercepting HTTP request...

OverTheWire Natas Level 3 Walkthrough

Today we're doing level 3 of the Natas series of CTF wargames hosted at: http://natas3.natas.labs.overthewire.org/ As usual, we will supply the current Natas level as the username (natas3) and the password we got from the previous level as the password.  The actual webpage looks like this: We then take a look at the source for this webpage: This comment is a reference to search engine crawling: search engines find all the pages on your website by mapping them out with special programs.  A website can deliberately omit certain pages from being mapped by search engine crawlers by including a special file on their website called robots.txt , which lists all the webpages that the webpage creators don't want mapped. Let's check out the robots.txt file on the Natas3 page. http://natas3.natas.labs.overthewire.org/robots.txt That's a secret directory right there, so let's check it out. http://natas3.natas.labs.overthewire.org/s3cr3t A hidden text file.  Let's take a lo...

OverTheWire Natas Level 2 Walkthrough

Today we're doing a walkthrough of level 2 of the Natas CTF wargame hosted at: http://natas2.natas.labs.overthewire.org As usual, the page will require you to authenticate using the username of the current natas level (natas2) and the password we obtained from the previous level.  Once authenticated, we see this webpage: We'll take a look at the webpage's source just to make sure: The page source indicates that there's an image on this page that we couldn't see.  But more importantly, there's another directory called "files" where the image file is stored.  We can manually navigate to that page using our web browser. http://natas2.natas.labs.overthewire.org/files One other file in this directory.  Let's take a look: http://natas2.natas.labs.overthewire.org/files/users.txt Summary Natas2 required us to enumerate an extra directory off of the webpage root directory by inspecting the page source.  The password for the next level was located in a file ...

OverTheWire Natas Level 1 Walkthrough

Today we're doing a CTF wargame walkthrough for Natas1, which is hosted at: http://natas1.natas.labs.overthewire.org   When we access the page, we are required to authenticate using natas1 as the username, and the password obtained from the previous level. After authenticating, the webpage looks like this: It looks like the challenge for this level is identical to the last level, except that we can't access the page source by right-clicking the page.  We'll look at two other methods we can use to access the webpage source.  We can either: Use the keyboard shortcut Ctrl - u   or Append view-source: to the webpage's URL in our browser's address bar, e.g. view-source:http://natas1.natas.labs.overthewire.org After using either of these methods, we see this: Summary Natas1 required us to view the webpage's source without using right-click on the page.  When viewed, the webpage source provided us with the password to the next level of Natas. Finish

OverTheWire Natas Level 0 Walkthrough

Today we're starting a series of CTF wargame walkthroughs featuring the Natas series from overthewire.org .  The levels in this series cover a lot of different web-based enumeration and exploitation techniques, and going through them will help sharpen our skills. Each level in Natas requires you to navigate to a specific webpage and authenticate into it using the credentials captured from the previous level. In the case of Natas level 0, we navigate to this page: http://natas0.natas.labs.overthewire.org/ At which point we are greeted with the authentication prompt. Here we provide  natas0  as both the username and password, which leads us to the actual webpage, where we are presented with the following message: As there is nothing else useful on the webpage, we want to look at the webpage source to see if there's anything there.  We can either right click on the page and select View Page Source or we can use the keyboard shortcut, which is Ctrl - u (using Firefox b...

Saihat's NetSec Self-Assessment (Mid-October 2020)

Desired Position: Junior Penetration Tester / Junior Security Analyst

Projected Career Goals: Acquire all required skills for Junior Pentester position by end of 2020.

Relevant Job Experience: None

To Mentor Reviewers: I am very interested in learning which areas in my "areas to improve on" and "future topics to learn" are common topics or unnecessary topics in reference to my desired junior pentester goal.  From a hiring standpoint, I am also interested in filling in gaps in my training to feel sufficiently equipped for the job at hand.  However, any and all feedback is appreciated, and I appreciate you taking the time to review my humble resume.

Familiar Programs and Topics: Netcat, Nmap, Nikto, Nessus, Metasploit, SQLmap, SMBclient, John the Ripper, Hydra, Dirb / Gobuster, WPscan, SQL Injection

Areas to Improve On: Local File Inclusion Attacks, Windows System Enumeration and Privilege Escalation, Burpsuite / OWASP ZAP, Cryptogra...