This article is a walkthrough for levels 7 to 9 of the OverTheWire Natas web attack series. Visit the links below for the levels before these.
Let's get on with it:
Level 7 – 8:
After logging in with the password found in the last article, we are presented with this screen.
A quick look at the source code reveals a hint that the password file exists at the path /etc/natas_webpass/natas8.
This challenge demonstrates the web application vulnerability known as directory traversal: the server reads and returns whatever file path the request names, without restricting it to the intended directory.
Look at the URL in the screenshot: the page parameter takes a file name and outputs that file's contents in the browser. So we can request the file /etc/natas_webpass/natas8 directly. Here is the password for level 8:
Level 8 – 9:
Login with the password you found.
This is the screen that will appear.
Click on “View Source code” to see what is actually happening.
See the code marked in red. It is PHP, and it contains a variable called $encodedSecret that holds a fixed value.
The function encodeSecret takes the user input as its parameter, base64-encodes it, reverses the result, and then converts that to hex with bin2hex. The if condition checks whether the encoded form of the user's input matches the value of $encodedSecret; if it does, the page prints the password for the next level. Note that every step is reversible: this is obfuscation, not a hash, so anyone who can read the source can recover the secret.
So copy the value of the $encodedSecret variable and use an online hex-to-text (bin2hex) decoder; the result is the reversed base64 string.
Finally, reverse that string and decode the resulting base64 with an online base64 decoder; the output, shown below, is the actual secret.
Hence, the password is obtained:
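The following is an added example, not code from the challenge or from this post: a Python mirror of the level's base64 → reverse → bin2hex pipeline, with the inverse that recovers the secret from the stored value, beside a one-way salted hash check that would not leak it. The secret string, salt and function names are constructed for this example.

```python
import base64
import binascii
import hashlib
import hmac
import os

# Constructed sample secret for this example; not the challenge's real value.
SAMPLE_SECRET = "example-secret"


def encode_secret(secret: str) -> str:
    """Mirror of the level's encodeSecret(): base64 -> reverse -> hex (bin2hex)."""
    b64 = base64.b64encode(secret.encode()).decode()
    return binascii.hexlify(b64[::-1].encode()).decode()


def decode_secret(encoded: str) -> str:
    """Undo each step in reverse order: unhex -> reverse -> base64-decode.

    This works because every stage is a bijection; nothing is lost, so the
    'encoded' value stored in the page source is equivalent to the plaintext.
    """
    reversed_b64 = binascii.unhexlify(encoded).decode()
    return base64.b64decode(reversed_b64[::-1]).decode()


def check_obfuscated(user_input: str, stored_encoded: str) -> bool:
    """The challenge's check: compares a reversible encoding (weak by design)."""
    return encode_secret(user_input) == stored_encoded


def make_hash(secret: str, salt: bytes) -> bytes:
    """A one-way alternative: salted PBKDF2-HMAC-SHA256 (stdlib only)."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)


def check_hashed(user_input: str, stored_hash: bytes, salt: bytes) -> bool:
    """Compare in constant time; the stored hash does not reveal the secret."""
    return hmac.compare_digest(make_hash(user_input, salt), stored_hash)


if __name__ == "__main__":
    stored = encode_secret(SAMPLE_SECRET)
    print("stored $encodedSecret:", stored)
    print("recovered secret     :", decode_secret(stored))
    salt = os.urandom(16)
    digest = make_hash(SAMPLE_SECRET, salt)
    print("hashed check accepts :", check_hashed(SAMPLE_SECRET, digest, salt))
```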
This series will continue in the next article, where we will look at the next levels. I will share the link here once it's done.