OVERTHEWIRE NATAS level: 20 – 21 is quite different than all the other that we have completed. The code for this level is pretty hard to understand but took me a while but it’s done now.
The problem lies in php code and how it is handling user input with the help of keys. We need to submit key-value as admin here inorder to gain access to the next level.
The code for this level is here:

If you see closely, There is a key-value pair data and also the output comes from a file. So, what I need is to send the data in key value form. To do that I did this:
s %0A admin

It have me an error which is below:

The undefined offset error arises because the array is in key value pair and I just defined admin without a pair value. So If I use this:
admin 1

which is test%0Aadmin%201 in URL encoding form, I get the admin passsword!

There you go, the password for the next level is shown!

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: