Natas WriteUp

$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$===============================================================

===========================Natas_Writeup====================================================Eng.AhmedKamal=========================

===============================================================

$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

[1]-Natas0:

URL:http://natas0.natas.labs.overthewire.org

USERNAME:natas0 -initial_password=natas0

PASSWORD:right click to view page source you will find the password for the next level on a comment in the page

("gtVrDuiDfck831PqWsLEZy5gyDz1clto").

==============================================================================================================================

[2]-Natas1:

URL:http://natas1.natas.labs.overthewire.org

USERNAME:natas1

PASSWORD:Oops right click is blocked in this level!! so you have to find another way to view page source or inspect elements,

then you'll find that ctrl-shift-c can inspect page elements, then you'll find that the password for the next level in a comment

("ZluruAthQk7Q2MqmDeTiUij2ZvWy2mBi").

==============================================================================================================================

[3]-Natas2:

URL:http://natas2.natas.labs.overthewire.org

USERNAME:natas2

PASSWORD:first thing right click to view page source, ok it's seems that there is nothing in the page, but look there is an image file,

ok from that we know that there is extra pages here, ok we'll try some directories,then i found a directory called files ,

navigate to it and you'll find a file called users.txt [natas2.natas.labs.overthewire.org/files/users.txt],

and you'll find the password for the next level ("sJIJNW6ucpu6HPZ1ZAchaDtwd7oGrD14").

========================================================================================================================================

[4]-Natas3:

URL:http://natas3.natas.labs.overthewire.org

USERNAME:natas3

PASSWORD:in this level page source won't work any more, so let's think in another way, Web site owners use the /robots.txt file to give

instructions about their site to web robots; this is called The Robots Exclusion Protocol.

so navigate to this file and open it and you will find a new directory that you dissallowed from visiting but we'll naviage to it

(http://natas3.natas.labs.overthewire.org/s3cr3t/), then you'll find a new file users,txt

and you'll find the password for the next level("Z9tkRkWmpt9Qr7XrR5jWRkgOU901swEZ")

========================================================================================================================================

[5]-Natas4:

URL:http://natas4.natas.labs.overthewire.org

USERNAME:natas4

PASSWORD:ooPs there is an error alert message that you dissallowed to access this web page from your location and you should come from

(http://natas5.natas.labs.overthewire.org/) so i've to change the referer header in burp suite interception

and make the request come from (http://natas5.natas.labs.overthewire.org/) Instead of (http://natas4.natas.labs.overthewire.org/)

then click forward the request again and you'll get the password for the next level, this is("iX6IOfmpN7AYOQGPwtn3fXpbaJVJcHfq")

========================================================================================================================================

[6]-Natas5:

URL:(http://natas5.natas.labs.overthewire.org/)

USERNAME:natas5

PASSWORD:the alert message said that'Access disallowed. You are not logged in', then i want to see how the sent request look like,

so i opened WireShark and analyse the last sent packet and saw that there is an attribute in the cookie header it's name "loggedin"

and it's value "0", here i knowed why the alert message said that access disallowed and don't loggedin,

so i want to change this attribute value, mmm, ok open the inspect window in the browser and get into the cookie storage location

and change the "logedin" value from zero to one and reload the page

and you'll be given the password for the next level in alert message and it is ("aGoY4q2Dc6MgDq4oL4YtoKtyAg9PeHa1")

========================================================================================================================================

[7]-Natas6:

URL:(http://natas6.natas.labs.overthewire.org/)

USERNAME:natas6

PASSWORD:In this page there is a input field and submit button ok, and a link"view sourcecode" by clicking on it,

you'll be redirected into 'index-source.html' in this page you'll find html code and a piece of php code that manage the input process,

then by chance i pressed ctrl+u to view source page, then in the source code after a while i found a directory

and the secret file path in the page, ok then i added this path to the url of the level and reload the page,

then you'll find "$secret = "FOEIUWGHFEEUHOFUOIU";" ok return to the home page of this level

and input the secret code in the input field and hit submit and the page will popup an alert message that contain

the password for the next level("7z3hEENjQtflzgnT29q7wAvMNfZdh0i9")

========================================================================================================================================

[8]-Natas7:

URL:(http://natas7.natas.labs.overthewire.org/)

USERNAME:natas7

PASSWORD:Let's start, on this page you'll find two another pages(Home.About) by entering home page you'll get a comment in the sourcecode

that contain a hint <!-- hint: password for webuser natas8 is in /etc/natas_webpass/natas8 --> ok then we have a new directory,

then i entered this path into the url of the page in the attribute(page = ) and it's look like

(http://natas7.natas.labs.overthewire.org/index.php?page=/etc/natas_webpass/natas8) reload the page and you'll be given the password

for the next level and it's ("DBfUBfqQG69KvJvJ1iAbMoIpwSNQ9bWe ")

========================================================================================================================================

[9]-Natas8:

URL:(http://natas8.natas.labs.overthewire.org/)

USERNAME:natas8

PASSWORD:This level has agood idea about reviewing sourcecode, ok let's go: the page contains input field and submit button ,

by viewing the page source you'll find apiece of php code and contains: $encodedSecret = "3d3d516343746d4d6d6c315669563362";

and a function that do some process on our input before comparing it with the encodedsecret,

well the processes it do on the input sequencly are (first it encodes it as base64 format, then reverse it's order,

then convert to hexadecimal), well we need to do these all operations on the inputed string in the opposite direction

(first we need to convert hexadecimal into ascii code then reverse it then decode it as base64 format),

ok all done you've to take the output string and input it in the input field in the home page

and you'll get the password for the next level ("W0mMhUcRRnG8dcghE4qvk3JA9lGt8nDl")

========================================================================================================================================

[10]-Natas9:

URL:(http://natas9.natas.labs.overthewire.org/)

USERNAME:natas9

PASSWORD:this level will discuss a new type of attack called 'command injection' ;cat /etc/natas_webpass/natas10