Skip to content

shivam-0806/over-the-wire-natas

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
 
 

Repository files navigation

over-the-wire-natas

Did till natas7 b4 creating this repo
Starting from natas7

->Natas7
used concept of local file inclusion. open source code(ctrl+U) and hint is given that pwd is in /etc/.../natas8/. observe that url of home and about contains php part. from "https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/11.1-Testing_for_Local_File_Inclusion"
Typical proof-of-concept would be to load passwd file: http://vulnerable_host/preview.php?file=../../../../etc/passwd. so just put /etc../natas8 in url instead of about.

->Natas8
nothing in ctrl+U. going to "view sourcecode" will find php code. take the encodedSecret, convert it to ascii, reverse it, decode base64 and lesgoo!!

->Natas9
play around. type * and it gives the source code. tried ls -a. # verifies that it's working. | cat gives entire txt file. or just do http://natas9.natas.labs.overthewire.org/dictionary.txt (as proven by typing ls -a in search)
given at beginning of natas - all pwds are at /etc/natas_webpass/natasX. so type | cat /etc/natas_webpass/natas10.

->Natas10
search "" cat /etc/natas_webpass/natas11.

->Natas11
WTF.

->Natas12

About

No description, website, or topics provided.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published