Did till natas7 b4 creating this repo
Starting from natas7
->Natas7
used concept of local file inclusion. open source code(ctrl+U) and hint is given that pwd is in /etc/.../natas8/. observe that url of home and about contains php part.
from "https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/11.1-Testing_for_Local_File_Inclusion"
Typical proof-of-concept would be to load passwd file:
http://vulnerable_host/preview.php?file=../../../../etc/passwd. so just put /etc../natas8 in url instead of about.
->Natas8
nothing in ctrl+U. going to "view sourcecode" will find php code. take the encodedSecret, convert it to ascii, reverse it, decode base64 and lesgoo!!
->Natas9
play around. type * and it gives the source code. tried ls -a. # verifies that it's working. | cat
gives entire txt file. or just do http://natas9.natas.labs.overthewire.org/dictionary.txt (as proven by typing ls -a
in search)
given at beginning of natas - all pwds are at /etc/natas_webpass/natasX. so type | cat /etc/natas_webpass/natas10
.
->Natas10
search "" cat /etc/natas_webpass/natas11
.
->Natas11
WTF. 3 things - key,cipher,plaintext - are reqd. in XOR encryption. to find key do XOR of cipher and plaintext. plaintext = {"showpassword":"no","bgcolor":"#ffffff"}
. copy COOKIE, b64 decode it, XOR it using plaintext as key. key will be obtained as repeated pattern. now set showpwd to yes in plaintext and do reverse to find cookie. change value of cookie and reload page.
->Natas12
A malicious file such as a Unix shell script, a windows virus, an Excel file with a dangerous formula, or a reverse shell can be uploaded on the server in order to execute code by an administrator or webmaster later – on the victim’s machine.
-
Notifications
You must be signed in to change notification settings - Fork 0
shivam-0806/over-the-wire-natas
Folders and files
Name | Name | Last commit message | Last commit date | |
---|---|---|---|---|
Repository files navigation
About
No description, website, or topics provided.
Resources
Stars
Watchers
Forks
Releases
No releases published
Packages 0
No packages published