Natas Level 8 Writeup

At first glance the page resembles level 6: you have to enter a secret word ;). Let us look at the source code for further clarification.

<!-- This stuff in the header has nothing to do with the level -->
<link rel="stylesheet" type="text/css" href="">
<link rel="stylesheet" href="">
<link rel="stylesheet" href="">
<script src=""></script>
<script src=""></script>
<script src=""></script>
<script src=""></script>
<script>var wechallinfo = { "level": "natas8", "pass": "<censored>" };</script></head>
<div id="content">

<?php

$encodedSecret = "3d3d516343746d4d6d6c315669563362";

function encodeSecret($secret) {
    return bin2hex(strrev(base64_encode($secret)));
}

if(array_key_exists("submit", $_POST)) {
    if(encodeSecret($_POST['secret']) == $encodedSecret) {
        print "Access granted. The password for natas9 is <censored>";
    } else {
        print "Wrong secret";
    }
}
?>

<form method=post>
Input secret: <input name=secret>

<input type=submit name=submit>
</form>

<div id="viewsource"><a href="index-source.html">View sourcecode</a></div>

Looking at the source, we can see a variable named "encodedSecret" that holds an encoded value. Our input is run through the encodeSecret function, and if the result matches encodedSecret the page prints the password for the next level.

Now let’s see how it’s done

$encodedSecret = "3d3d516343746d4d6d6c315669563362";

function encodeSecret($secret) {
    return bin2hex(strrev(base64_encode($secret)));
}

The function applies base64_encode, then strrev, then bin2hex. Each step is reversible, so we apply the inverse operations in the opposite order to encodedSecret to get the secret back:

$secret = base64_decode(strrev(hex2bin($encodedSecret)));
echo $secret;



hex2bin is only available in PHP version 5.4 and above, as described in the PHP manual, so on older versions we can also use the following method with pack("H*", ...), which does the same hex-to-binary conversion:

echo base64_decode(strrev(pack("H*", "3d3d516343746d4d6d6c315669563362")));

This will result in


We can use this as the secret and derive the password for level 9.
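The same inversion written out as an added Python example (not code from the level or from this post): encode_secret mirrors the level's encodeSecret, decode_secret undoes it step by step, and round_trips confirms the two are inverses. The hashed_secret/check_hashed functions and the SALT value are my own additions showing why the level is solvable: a reversible transform leaks the secret, whereas a salted hash compared in constant time does not.

```python
import base64
import binascii
import hashlib
import hmac

# Value copied from the level's source.
ENCODED_SECRET = "3d3d516343746d4d6d6c315669563362"


def encode_secret(secret: str) -> str:
    """Same three steps as the level's encodeSecret(): base64_encode -> strrev -> bin2hex."""
    b64 = base64.b64encode(secret.encode("latin-1"))  # base64_encode
    reversed_b64 = b64[::-1]                          # strrev
    return binascii.hexlify(reversed_b64).decode()    # bin2hex


def decode_secret(encoded: str) -> str:
    """Undo each step in reverse order: hex2bin -> strrev -> base64_decode.

    binascii.unhexlify plays the role of PHP's hex2bin (or pack("H*", ...)).
    """
    reversed_b64 = binascii.unhexlify(encoded)        # hex2bin / pack("H*")
    b64 = reversed_b64[::-1]                          # strrev
    return base64.b64decode(b64).decode("latin-1")    # base64_decode


def round_trips(encoded: str) -> bool:
    """True if decode_secret() really inverts encode_secret() for this value."""
    return encode_secret(decode_secret(encoded)) == encoded


# How a check looks when the secret is NOT meant to be recoverable from the
# stored value: keep a salted SHA-256 digest and compare in constant time.
# SALT is a constructed placeholder, not a value from the level.
SALT = b"constructed-salt"


def hashed_secret(secret: str) -> str:
    return hashlib.sha256(SALT + secret.encode("latin-1")).hexdigest()


def check_hashed(candidate: str, stored_digest: str) -> bool:
    return hmac.compare_digest(hashed_secret(candidate), stored_digest)


if __name__ == "__main__":
    secret = decode_secret(ENCODED_SECRET)
    print("recovered secret:", secret, "| round-trip ok:", round_trips(ENCODED_SECRET))
    digest = hashed_secret(secret)
    print("hash check accepts the secret:", check_hashed(secret, digest))
    print("hash check rejects another value:", check_hashed("not-it", digest))
```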



Access level 9 with the following credentials:

Username: natas9
Password: W0mMhUcRRnG8dcghE4qvk3JA9lGt8nDl

Follow the next post for NATAS 9 Write Up


