Natas Level 10 Writeup: Command Injection 2

URL: http://natas10.natas.labs.overthewire.org

1. Objective

Find the password for natas 11

2. Method

Open the Website:

Visit the provided URL in your browser.

Check the Source Code:

Bypassing the Filter:

Use command substitution $(command) to bypass the filter.

Enter the search term a $(find /etc/natas_webpass -name natas11 2>/dev/null).

Explore the Output:

Examine the output, revealing files like index-source.html.

Find the natas11 Password File:

Use the command a $(find /etc/natas_webpass -name natas11 2>/dev/null).

Locate the Password:

The password for natas11 is revealed

            >! /etc/natas_webpass/natas11:[Level 11 Password]
            dictionary.txt:
            dictionary.txt:African
            dictionary.txt:Africans
            dictionary.txt:Allah

Success

Use the password to proceed to the next level

______________________________________

NthApostle

Comments

Natas Level 11 Writeup: XOR Encryption

1. Objective Find the password for natas level 12. 2. Introduction When we open the webpage for Natas 11, we are greeted with the following message: Cookies are protected with XOR encryption. What is XOR: XOR is a binary operation that returns true (1) only when the number of true inputs is odd. It compares corresponding bits of two binary numbers, resulting in 1 for differing bits and 0 for identical bits. Example: Let's consider two binary numbers, A = 1010 and B = 1101. 1010 X 1101 ------- 0111 In this case, A XOR B equals 0111 in binary, or 7 in decimal. XOR Property: If A XOR B = C, then A XOR C = B. Verification: Let A = 1010, C = 0111, and find B. 1010 X 0111 ------- 1101 The result is 1101 in binary, which is B. So, A XOR C equals B, confirming the XOR property. This property holds true for any combination of A, B, and C, demonstrating that given any two values, you can find the third using XOR. 3. Exploration Ch...

Natas Level 14 Writeup: SQL Injection

1. Objective Find the password for natas level 15. URL: http://natas14.natas.labs.overthewire.org 2. Introduction After opening the webpage, we see a login form. We need to get the correct credentials or somehow bypass the login page in order to proceed to the next level. 3. Exploration Clicking on the View sourcecode link we are able to view the logic of the server side code. The following code snippet is used to query the database to check if the username and password are valid $query = "SELECT * from users where username=\"".$_REQUEST["username"]."\" and password=\"".$_REQUEST["password"]."\""; However, we immediately notice that the input is not being sanitized and is being used directly in the query via string concatenation. These shows us that there is potential for sq injection SQL injection is a cyber attack that exploits vulne...

Natas Level 7 Writeup: Directory Traversal

URL: http://natas7.natas.labs.overthewire.org Open the Website : Exploration : Page Navigation: Clicking on the "home" and "about" pages reveals the following links: http://natas7.natas.labs.overthewire.org/index.php?page=home http://natas7.natas.labs.overthewire.org/index.php?page=about Hint in Source Code: Inspecting the source code provides a hint about how the application includes pages. Exploit : URL Parameter Manipulation: Replace the page parameter with the desired file path: http://natas7.natas.labs.overthewire.org/index.php?page=/etc/natas_webpass/natas8 Success : You have successfully manipulated the URL parameter to access the password for natas8. Proceed to the next level using the acquired information. PS: In Natas0, it was stated that All passwords are also stored in /etc/natas_webpass/. E.g. the password for natas5 is stored in the file /etc/natas_webpass/natas5 and only readable by natas4 and natas5 That is how we know that the file...

Cyber Security Blog

Search This Blog