Username: natas8
Password: a6bZCNYwdKqN5cGP11ZdtPg0iImQQhAB
URL: http://natas8.natas.labs.overthewire.org
Another secret key, let’s go ahead and view sourcecode. I look a PHP script like the one below…
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
<?
$encodedSecret = "3d3d516343746d4d6d6c315669563362";
function encodeSecret($secret) {
return bin2hex(strrev(base64_encode($secret)));
}
if(array_key_exists("submit", $_POST)) {
if(encodeSecret($_POST['secret']) == $encodedSecret) {
print "Access granted. The password for natas9 is <censored>";
} else {
print "Wrong secret";
}
}
?>
I look func encodeSecret i can see that the “secret” entered is converted from bin to hex, reversed, and then base64 encoded so i have to reverse engineer this.
1
2
3
4
5
6
7
8
9
Convert hexadecimal string to binary with xxd -r -p command
==> $ echo '3d3d516343746d4d6d6c315669563362' | xxd -r -p
==> ==QcCtmMml1ViV3b
Reverse the character order with the rev command
==> $ echo '3d3d516343746d4d6d6c315669563362' | xxd -r -p | rev
==> b3ViV1lmmMtmCq==
Decode the reversed string using the base64 -d command
==> $ echo '3d3d516343746d4d6d6c315669563362' | xxd -r -p | rev | base64 -d
==> oubWYf2kBq
Now check pass with curl
1
curl -XPOST -u natas8:a6bZCNYwdKqN5cGP11ZdtPg0iImQQhAB -d "secret=oubWYf2kBq" -d "submit=" http://natas8.natas.labs.overthewire.org
Alright, i got the password! Moving on to level 9!
==> CTF: { natas9:Sda6t0vkOPkM8YeOZkAGVhFoaplvlJFd }
Comments powered by Disqus.