Did till natas7 before creating this repo.
Starting from natas7.
->Natas7
Used the concept of local file inclusion. Open the source code (Ctrl+U); a hint is given that the password is in /etc/.../natas8/. Observe that the URLs of Home and About contain a PHP part.
From "https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/11.1-Testing_for_Local_File_Inclusion":
Typical proof-of-concept would be to load passwd file:
http://vulnerable_host/preview.php?file=../../../../etc/passwd
So just put /etc/.../natas8 in the URL instead of about.
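Added example (not part of the original notes or of the OWASP guide): a Python model of why both the `../` sequence in the OWASP URL and an absolute path escape the directory the pages live in, next to an allowlist plus containment check that refuses them. `BASE_DIR`, the function names and the `pages_backup` sibling directory are assumptions made for the example.

```python
import posixpath
from urllib.parse import urlsplit, parse_qs

# Assumed layout for this example (not taken from the level's source).
BASE_DIR = "/var/www/site/pages"
ALLOWED_PAGES = {"home", "about"}   # the two links mentioned in the notes


def requested_file(url, param="file"):
    """Return the percent-decoded value of the include parameter, or ""."""
    values = parse_qs(urlsplit(url).query).get(param, [""])
    return values[0]


def naive_resolve(name):
    """Model the path an unchecked include of `name` would open.

    join() lets an absolute path replace BASE_DIR entirely and normpath()
    collapses "../" segments.
    """
    return posixpath.normpath(posixpath.join(BASE_DIR, name))


def escapes_base(name):
    """True if the resolved path is outside BASE_DIR.

    commonpath() compares whole path components, so a sibling such as
    /var/www/site/pages_backup is rejected (a startswith() test accepts it).
    Production code should call realpath() first so symlinks are resolved.
    """
    resolved = naive_resolve(name)
    return posixpath.commonpath([BASE_DIR, resolved]) != BASE_DIR


def safe_resolve(name):
    """Allowlist first, containment second; None means refuse the request."""
    if name not in ALLOWED_PAGES or escapes_base(name):
        return None
    return posixpath.join(BASE_DIR, name)


if __name__ == "__main__":
    poc = "http://vulnerable_host/preview.php?file=../../../../etc/passwd"
    for value in (requested_file(poc), "/etc/passwd", "../pages_backup/x", "about"):
        print(f"{value!r:28} -> {naive_resolve(value):32} allowed={safe_resolve(value)}")
```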
->Natas8
Nothing in Ctrl+U. Going to "view sourcecode" will find PHP code. Take the encodedSecret, convert it to ASCII, reverse it, decode base64 and lesgoo!!
->Natas9
Play around. Type * and it gives the source code. Tried ls -a. # verifies that it's working. | cat gives the entire txt file. Or just do http://natas9.natas.labs.overthewire.org/dictionary.txt (as proven by typing ls -a in search).
Given at the beginning of natas: all passwords are at /etc/natas_webpass/natasX. So type | cat /etc/natas_webpass/natas10.
->Natas10
Search "" cat /etc/natas_webpass/natas11.
->Natas11
WTF.
->Natas12
shivam-0806/over-the-wire-natas