-
DC-9 Vulnhub Walkthrough – OSCP way
Recently, My focus turned more towards OSCP and I am thinking of taking the exam. After reading tons of people’s experience over Reddit, I took some notes on what would be my way of studying for this. It isn’t easy from the looks of it and to win with time, I need a lot of…
-
OVERTHEWIRE NATAS SERIES: 25 – 26 LEVEL Walkthrough
Overthewire Natas Level 25 – 26 is based on directory traversal. The code have many restrictions because it sanitizes the user input and makes it harder for us to get the password. Let’s see how can we bypass it and get the access for the next level. The code for this level is here: The…
-
OVERTHEWIRE NATAS SERIES: 24 – 25 LEVEL Walkthrough
Overthewire Natas 25 Level is based on strcmp() function vulnerability. Generally, strcmp() is used to compare two strings together, We need to generate some kind of error here so we can obtain the password for the next level. The code for the level is here: So, I tried a lot of ways to generate error…
-
OVERTHEWIRE NATAS SERIES: 23 – 24 LEVEL Walkthrough
Overthewire natas level 23 – 24 is also based on PHP GET request parameter tampering. We have to carry out the injection in such a way that it fits both the conditions of the code. The code for this level is here: The two conditions to be fulfilled are: 1. passwd parameter should contain the…
-
OVERTHEWIRE NATAS SERIES: 22 – 23 LEVEL Walkthrough
Overthewire natas level 22 – 23 is the easiest of all levels, We just have to send a GET request as “/?revelio” to reveal the admin password. This code for this level looks like this: So, again I am using Burpsuite’s Repeater in order to make the GET request and here you go, the password…
-
OVERTHEWIRE NATAS SERIES: 20 – 21 LEVEL Walkthrough
OVERTHEWIRE NATAS level: 20 – 21 is quite different than all the other that we have completed. The code for this level is pretty hard to understand but took me a while but it’s done now. The problem lies in php code and how it is handling user input with the help of keys. We…
-
OVERTHEWIRE NATAS SERIES: 19 – 20 LEVEL Walkthrough
OVERTHEWIRE NATAS level 19-20 is similar to 18-19 level. We have to manipulate session in order to login as admin. In the last level, we just have to change the PHPSESSIONID number in order to gain the access to the admin account. We have to do the same in this level too but here the…
-
OVERTHEWIRE NATAS SERIES: 18 – 19 LEVEL Walkthrough
OVERTHEWIRE NATAS level 18-19 is based on session bypass. We have to login as admin without any credentials, in such cases we can look for the session value and try to change it because that’s the only way in after there is no credentials. So let’s do this. The code for the natas 18-19 level…
-
OVERTHEWIRE NATAS SERIES: 17 – 18 LEVEL Walkthrough
OVERTHEWIRE NATAS level 17-18 is about blind sql injection. To make the level more complicated, the output hasn’t been displayed. Let’s dive in the level: If you look at the code below. It is a simple code which takes the username and check for its existence in the table users. but No output display! This…
-
OVERTHEWIRE NATAS SERIES: 16 – 17 LEVEL Walkthrough
The walkthrough for the last level is available on this link: http://www.anonhack.in/2018/09/overthewire-natas-series-15-16-level-walkthrough/ This level is little bit similar to the last level. Here we have to perform a command injection. Let’s have a look at the source code of this level: See the highlighted text in the code above. $key variable is the one carrying our…
-
OVERTHEWIRE NATAS SERIES: 15 – 16 LEVEL Walkthrough
If you want to see the level 14- 15, follow this link: http://www.anonhack.in/2018/09/overthewire-natas-series-14-15-levels/ Level 15-16 is also based on SQL injection but here we have to work on boolean based SQL injection technique. Let me how you how: This is what the screen looks like: I put “natas16” as the user here and it turns out…
-
OVERTHEWIRE Natas: Walkthrough Series Level 11 – 12
LEVEL 11-12 is quite hard. It is about encryption, encoding, cookie and php code. Let’s dive in it: Login with the password we found in the last article, You will see the screen below. The hint points us to the cookie, So I checked cookie using Burpsuite and there is this string I found in…