Natas - Level 8 Writeup

At first glance the site resembles level 6, where you have to enter a secret word ;). Let us look at the source code for further clarification.


<html>
<head>
<!-- This stuff in the header has nothing to do with the level -->
	<link rel="stylesheet" type="text/css" href="http://natas.labs.overthewire.org/css/level.css">
	<link rel="stylesheet" href="http://natas.labs.overthewire.org/css/jquery-ui.css" />
	<link rel="stylesheet" href="http://natas.labs.overthewire.org/css/wechall.css" />
<script src="http://natas.labs.overthewire.org/js/jquery-1.9.1.js"></script>
<script src="http://natas.labs.overthewire.org/js/jquery-ui.js"></script>
<script src=http://natas.labs.overthewire.org/js/wechall-data.js></script><script src="http://natas.labs.overthewire.org/js/wechall.js"></script>
<script>var wechallinfo = { "level": "natas8", "pass": "<censored>" };</script></head>
<body>
<h1>natas8</h1>
<div id="content">

<?

$encodedSecret = "3d3d516343746d4d6d6c315669563362";

function encodeSecret($secret) {
return bin2hex(strrev(base64_encode($secret)));
}

if(array_key_exists("submit", $_POST)) {
if(encodeSecret($_POST['secret']) == $encodedSecret) {
print "Access granted. The password for natas9 is <censored>";
} else {
print "Wrong secret";
}
}
?>

<form method=post>
Input secret: <input name=secret>

<input type=submit name=submit>
</form>
<div id="viewsource"><a href="index-source.html">View sourcecode</a></div>
</div>
</body>
</html>

Looking at the source, we can tell that there is a variable named "encodedSecret" that holds an encoded value. If the result of the encodeSecret function applied to our input matches it, the page gives the password for the next level.

Now let’s see how it’s done


$encodedSecret = "3d3d516343746d4d6d6c315669563362";

function encodeSecret($secret) { 
 return bin2hex(strrev(base64_encode($secret))); 
 } 

According to the function, we should apply the following to encodedSecret, undoing each step in reverse order, to get the secret:

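<?php
// Value copied from the level's source
$encodedSecret = "3d3d516343746d4d6d6c315669563362";
// Undo bin2hex, then strrev, then base64_encode
$secret = base64_decode(strrev(hex2bin($encodedSecret)));
echo $secret;
?>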

 

NOTE

hex2bin is only available in PHP version 5.4 and above, as described in the PHP manual. We can also use the following method:

<?php
// pack("H*", ...) turns the hex string into bytes without needing hex2bin
echo base64_decode(strrev(pack("H*", "3d3d516343746d4d6d6c315669563362")));
?>

This will result in

oubWYf2kBq

We can use this as the secret and derive the password for level 9

W0mMhUcRRnG8dcghE4qvk3JA9lGt8nDl


Access level 9 with the following credentials

Username: natas9
Password: W0mMhUcRRnG8dcghE4qvk3JA9lGt8nDl
URL: http://natas9.natas.labs.overthewire.org/
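
The reversal of encodeSecret() used above, carried out one step at a time with its intermediate values, next to a check that stores a one-way hash instead of a reversible encoding. This is an added example, not code from the level or from the original post; decodeSecretSteps(), checkSecretHashed() and the sample value "example-secret" are assumptions made for illustration.

```php
<?php
// Added example. Only encodeSecret() and $encodedSecret come from the page;
// every other name here is hypothetical.

// The level's encoder: base64, reverse, hex. No key is involved anywhere.
function encodeSecret(string $secret): string {
    return bin2hex(strrev(base64_encode($secret)));
}

// Inverse: undo each step in the opposite order and keep the intermediates.
function decodeSecretSteps(string $encoded): array {
    $reversedB64 = hex2bin($encoded);        // hex -> bytes (reversed base64)
    if ($reversedB64 === false) {
        throw new InvalidArgumentException("input is not valid hex");
    }
    $b64 = strrev($reversedB64);             // restore base64 character order
    $secret = base64_decode($b64, true);     // strict mode rejects stray chars
    if ($secret === false) {
        throw new InvalidArgumentException("input is not valid base64");
    }
    return ['reversed_b64' => $reversedB64, 'b64' => $b64, 'secret' => $secret];
}

$encodedSecret = "3d3d516343746d4d6d6c315669563362"; // constant from the page
$steps = decodeSecretSteps($encodedSecret);
print_r($steps);

// Round trip: re-encoding the recovered secret reproduces the constant,
// which confirms the transform is a plain encoding and not a hash.
var_dump(hash_equals($encodedSecret, encodeSecret($steps['secret'])));

// Hardened form: store a salted one-way hash so that reading the source
// does not reveal the secret. "example-secret" is a constructed sample.
$storedHash = password_hash("example-secret", PASSWORD_DEFAULT);

function checkSecretHashed(string $input, string $storedHash): bool {
    // password_verify re-derives the hash from the input and compares
    // in constant time; there is no inverse function to call.
    return password_verify($input, $storedHash);
}

var_dump(checkSecretHashed("example-secret", $storedHash));
var_dump(checkSecretHashed("wrong guess", $storedHash));
```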

Follow the next post for NATAS 9 Write Up
