Wednesday, November 7, 2012

Home encoding hacking natas overthewire php wargames OverTheWire Natas Level 8

OverTheWire Natas Level 8

, , , , ,
Level 8 of the OverTheWires Natas wargame was pretty simple, as a developer, but could prove more difficult if you don't have similar background.

It starts out with a secret password input.
 Like other levels, I looked at the source code to see what was going on in the background.
 Based on this code, you can see that it has a stored secret value, that is base64 encoded, then reversed, and then converted to a hex string.  That value is then compared to the stored secret value, and if it's a match, it will give you the next level's password.

I decided to write a reversal program in php, since it was super easy.  The only problem it gave me, was that there is no built-in hex2bin method until a newer version of PHP than I had on my machine.  Luckily, on the bin2hex documentation page, someone kindly wrote a reversal function that I stole.
 Once I executed that program in php, it gave me the decoded password.  Once I entered it into the page, it gave me the password to the next level.

Labels:
Author Image

Author: Unknown
Waythemes is a blogger resources site is a provider of high quality blogger template with premium looking layout and robust design

Follow The Author
Posted by at
Labels: , , , , ,

No comments:

Post a Comment

Popular

  • Exploit Exercises - Protostar Stack 5
    Wow, this challenge was a tough one for me. I ran into some huge problems that I had to work out. Considering this is a "standard buf...
  • Buffer Overflow in HexChat 2.9.4
    Buffer Overflow in HexChat 2.9.4
    A buddy of mine, Mulitia , and I were talking about 0-days, and he mentioned finding one in Hex-Chat, a popular IRC client. It was super low...
  • Using .net to bypass AV
    Using .net to bypass AV
    I've read a ton of articles on bypassing Antivirus software when trying to run shellcode on machines. There's just a ton available....
  • Sysax Multi Server 6.10 SSH DoS
    Sysax Multi Server 6.10 SSH DoS
    I was recently fuzzing a bunch of SSH servers, hoping to find some remote code execution in a non-mainstream server. I ended up finding no c...
  • PWB Conclusions and the Future
    PWB Conclusions and the Future
    The results As I posted previously , I was taking the PWB course from Offensive Security . I am happy to report that I passed with ...
  • Sysax 5.64 HTTP Remote Buffer Overflow
    Sysax 5.64 HTTP Remote Buffer Overflow
    I have discovered a bug in the Sysax Multi-Server application .  More specifically, it's in the HTTP File Server service, which is not e...
  • Exploit Exercises - Nebula 01
    Continuing from my previous post, I started tinkering with the next Nebula wargame: Nebula 01 .  This one gives you some C code, which has ...
  • OverTheWire Natas Level 1
    OverTheWire Natas Level 1
    In continuing with the Natas wargame from OverTheWire , I tried my hand at level 1 .  It too was pretty easy.  It was just like the level 0 ...
  • Exploit Exercises - Nebula 02
    In this challenge, we're again provided with the source code to the vulnerable program. Only this time, they're not loading the ...
  • Exploit Exercises - Protostar Stack 3
    This challenge starts getting a little bit more involved than the previous ones. Instead of just providing a new value for the "modif...

Recent

Comments