OverTheWire Natas Level 8 Walkthrough

Today we're doing a walkthrough of level 8 of the Natas CTF wargame hosted at:

http://natas8.natas.labs.overthewire.org

In order to access the level, we will need to authenticate into the webpage by providing the current level of the game as the username (natas8) and the password we obtained from the previous level as the password.  After we've authenticated into the page, we see this:


It looks like we will need to provide the form with the right string to get the password for the next level.  Let's take a look at the sourcecode link in the corner:

http://natas8.natas.labs.overthewire.org/index-source.html


According to the source code, the $encodedSecret string is transformed by the encodeSecret function, and if the string we submit to the form matches the transformed $encodedSecret, then the password for natas9 will be displayed.

The $encodedSecret is first encoded into base64, then the string is reversed, and the reversed string is converted from binary to hex format.

So, to decode the secret string, we will have to perform the exact reverse operations.  We'll use an online code sandbox website to perform these operations.  First convert the encoded string from hex to binary format using hex2bin, then reverse the resulting string using strrev, and finally we decode the reversed string from base64 and receive the fully decoded string.

https://sandbox.onlinephpfunctions.com


After typing in our desired code, we press the "Execute code" button and receive the string located at the bottom of the previous screenshot.  Now to plug that string into the form on the Natas8 homepage.

http://natas8.natas.labs.overthewire.org


We submit the query, and...


Summary

Natas8 required us to look at its page source to obtain an encoded string which was subjected to specific operations in order to encode it.  To obtain the correct query string to obtain the password for the next level, we had to perform decoding on encoded string, which involved performing the reverse of the operations which were applied to the string to encode it.  Once we submitted the decoded string to the Natas8 homepage, we were able to access the password for Natas9.

Finish 











Comments

Post a Comment

Popular posts from this blog

TryHackMe - Windows PrivEsc - Walkthrough

Image
Introduction Today we're going to be doing a walkthrough for the Windows PrivEsc room hosted at https://tryhackme.com/room/w indows10privesc . For this walkthrough, we'll be using two virtual machines (VMs), a Kali Linux VM as our attacking machine, and the deployed Windows 10 client as the the victim machine. Task 1 - Deploy the Vulnerable Windows VM Press the green button here: The Windows machine should come online after a minute or two. The IP address of the machine can be found here: Of course, the actual IP address will probably be a different one from the one in the screenshot.  For the examples, however, we will use the IP address of 10.10.227.113 RDP should be available on port 3389 (it may take a few minutes for the service to start). You can login to the "user" account using the password "password321": xfreerdp /u:user /p:password321 /cert:ignore /v:10.10.227.113 Questions: Deploy the Windows VM and login using the "user" ...
Read more

TryHackMe - Reversing Elf - Walkthrough

Image
Introduction Today we're going to be doing a walkthrough for the Reversing ELF room hosted at https://tryhackme.com/room/ reverselfiles . For this walkthrough, we'll be using one virtual machine (VMs), a Kali Linux VM as our attacking machine. Task 1 - Crackme1 Questions What is the flag? Download the Task 1 Task File Copy it to your working directory Give the file executable permissions Run the file chmod +x crackme1 ./crackme1 Task 2 - Crackme2 Questions What is the super secret password ? Give the file executable permissions Run Ltrace on the file with a test string chmod +x crackme2 ltrace ./crackme2 test ./crackme2 passwordFoundInPreviousStep Task 3 - Crackme3 Questions What is the flag? Give the file executable permissions Run strings on the file Echo the base64 string you found, pipe it into Base64 decode chmod +x crackme3 strings crackme3 echo “ base64stringFoundInPreviousStep ” | base64 -d Task 4 - Crackme4 Questions What is the password ? Give the file execu...
Read more

TryHackMe - XSS - Walkthrough

Image
Introduction Today we're going to be doing a walkthrough for the XSS room hosted at https://tryhackme.com/room/ xss . For this walkthrough, we'll be using two virtual machines (VMs), the TryHackMe AttackBox VM as our attacking machine, and the deployed XSS vulnerable web client as the the victim machine. Task 1 - Introduction Questions: Read the introduction. No answer needed Task 2 - Deploy your XSS Playground Questions Deploy the machine and navigate to http://<ip> No answer needed Task 3 - Stored XSS Questions The machine you deployed earlier will guide you though exploiting some cool vulnerabilities, stored XSS has to offer. There are hints for answering these questions on the machine. No answer needed Add a comment and see if you can insert some of your own HTML. Doing so will reveal the answer to this question. Register for the web-app with the following parameters Username: test Password: test Click the Register button  Click the “hamburger menu” button Click the ...
Read more