- Published on
Over The Wire - Natas
Natas
Natas teaches the basics of server side web-security. Each level of natas consists of its own website located http://natasX.natas.labs.overthewire.org.
The server is a PHP server.
Topics range from searching through resource files to command injection as a means compromising the victim machine.
Level 0
natas0
Search HTML for pw.
Level 1
Pw in HTML, but must open source with hotkeys
Level 2
h4ubbcXrWqsTo7GGnnUMLppXbOogfBZ7
Pw isn't on the page but a resource file, users.txt.
http://natas2.natas.labs.overthewire.org/files/users.txt
Level 3
G6ctbMJ5Nb4cbFwhpMPSvxGHhQ7I6W8Q
Pw isn't inside that file but robots.txt, a disallowed route
http://natas3.natas.labs.overthewire.org/robots.txt
http://natas3.natas.labs.overthewire.org/s3cr3t/users.txt
level 4
natas4:tKOcJIbzM4lTs8hbCmzn5Zr4434fGZQm
Use Burp & ProxyFoxy to intercept requests and change them before forwarding to the server.
The response will include the pw.
level 5
Z0NsrtIkJoKALBCLi5eqFfcRN82Au2oD
Use JS console to change document cookie and refresh.
document.cookie="loggedin=1"
level 6
fOIvE0MDtPTgRhqmmvvAOt2EfXR6uQgR
Checkout a file that is included in the source code that the page points to. http://natas6.natas.labs.overthewire.org/includes/secret.inc
level 7
jmxSiH3SP6Sonf8dv66ng8v1cIEdjXWr
We can trick the server into showing us the page at that path using a query parameter.
http://natas7.natas.labs.overthewire.org/index.php?page=/etc/natas_webpass/natas8
level 8
a6bZCNYwdKqN5cGP11ZdtPg0iImQQhAB
Use tehplayground.com to reverse engineer the encoded password thats being compared.
level 9
Sda6t0vkOPkM8YeOZkAGVhFoaplvlJFd
https://www.alevsk.com/2020/01/ctf-overthewire-natas9/
Use command injection
;ls -la; To see files on the server
;cat /etc/natas_webpass/natas10;
To read from a file on the server
level 10
D44EcsFkLxPIkAAKLosx8z3hxX1Z4MCE
Search for this value a /etc/natas_webpass/natas11
Use the logic of the function to invoke grep command and search for pw in a file on the server
level 11
1KFqoJXi6hRaPluAmk8ESDW4fSysRoIg