Natas Level 8

natas level 8 message

This looks familiar, let’s jump right into the source code here.

natas level 8 source

It looks like we need to submit a string which will be equal to $encodedsecret after going through their encoding scheme which, when broken down looks like this:

function encodeSecret($secret) {
    $secret = base64_encode($secret);
    $secret = strrev($secret);
    $secret = pack("H*", $secret);
    return $secret;
}

If you are unfamiliar with any of these functions I encourage you to RTFM at php.net.

Since we already know the value of $encodedSecret we should be able to decode it and enter it in the form for the win.  To decode it we will run their encoding scheme in reverse with our own php script:

<?

$encodedSecret = "3d3d516343746d4d6d6c315669563362";

function decodeSecret($secret) {
    return base64_decode(strrev(pack("H*", $secret)));
}

echo decodeSecret($encodedSecret)."\n";

?>

Capture

So if we throw our output in the form:

natas level 8 win