Month: January 2015

Natas Level 9

The form’s action is pretty self-explanatory, but how does it work? passthru() executes system commands and displays the raw output. They are grepping for $key in the file “dictionary.txt”. There does not appear to be any input sanitization, and this is good news for us 🙂 If we set $key

Read More »

Natas Level 8

This looks familiar, let’s jump right into the source code here. It looks like we need to submit a string which will be equal to $encodedsecret after going through their encoding scheme which, when broken down, looks like this: If you are unfamiliar with any of these functions I encourage

Read More »

Natas Level 7

So we log in to Natas 7 and see two links, let’s click on “home” and check out the page source, shall we? There are a couple of things to notice here. After we click on home the address bar in our browser looks like this: http://natas7.natas.labs.overthewire.org/index.php?page=home index.php?page=home means that we

Read More »

Natas Level 6

What’s the secret? Let’s find out! This time they give us the source code to index.php to look at. This is because when you right click > view source on a PHP page in your browser, only the HTML is visible, and not the PHP code. The source looks like

Read More »

Natas Level 5

Hmmm, what to do, what to do…. Should we try http://natas5.natas.labs.overthewire.org/admin.php…nope! How about http://natas5.natas.labs.overthewire.org/login.php…dangit bobbeh!! Is there anything in the source? Doesn’t look like it to me. OH I KNOW! Let’s check out the HTTP headers. There are a lot of ways we could do this, but the weapon of choice

Read More »

Natas Level 4

Wha wha!? I swear I wasn’t on poop.fart.xxx before I logged in to this level! Anyway, it’s saying authorized users should be coming from “http://natas5.natas.labs.overthewire.org/”. I think it can tell where we are coming from by reading the Referer field out of the HTTP header. Wikipedia says: “[The referer] is

Read More »

Natas Level 3

Well this looks familiar: I mean it’s kind of true this time, let’s have a look at the source anyway, shall we? How to hide stuff from Google???? ROBOTS.TXT !!!! But what are they trying to hide anyway? Looks like there is a folder called /s3cr3t/ I wonder what’s in

Read More »

Natas Level 2

So, Natas level 2 is telling us there is nothing on this page…I don’t believe them! Let’s have a look at the page source: Apparently there is an image on the page that lives in the “files” folder. I wonder if there is anything else in that folder?? hmmmmmmmmm, users.txt

Read More »

Natas Level 1

So level 1 looks a lot like 0, except this time it’s saying you can’t right click. IDK, maybe on IE 5 this JavaScript works the way you would think it should, but I had no problem right clicking as you can see here: And then of course we see

Read More »

Natas Level 0

Today we’ll be reviewing Natas level 0 together. We log in to http://natas0.natas.labs.overthewire.org/ with the creds they provided: username: natas0 password: natas0 We’re then presented with the following message: They’re saying we can find the password for the next level on this page. After about an hour of head

Read More »