Natas Level 8
28 Sep 2015 • LeanderThis is a solution guide to the Natas8 Level at overthewire. This write-up was created on 28 September 2015.
First connect to the website
- http://natas8.natas.labs.overthewire.org
- Enter the following as the username natas8 and password DBfUBfqQG69KvJvJ1iAbMoIpwSNQ9bWe
The first thing we see is a text box where we can input a secret and submit it for something. When clicking submit it with nothing in the box we get “wrong secret”. So let’s click on the link that says view source code.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
<?php
$encodedSecret = "3d3d516343746d4d6d6c315669563362";
function encodeSecret($secret) {
return bin2hex(strrev(base64_encode($secret)));
}
if(array_key_exists("submit", $_POST)) {
if(encodeSecret($_POST['secret']) == $encodedSecret) {
print "Access granted. The password for natas9 is <censored>";
}
else {
print "Wrong secret";
}}
?>
Forunately, we are able to get the algorithim used to encrypt the secret we need to input. We can see that on line 2 we have an encoded secret. So now we have to reverse the encodeSecret function to pass this level. So in order to reverse the code we need to take the encodedSecret from line 2 and pass it through a decoding sequence that does the following:
- Reverse the order of the algorithim starting from the outside in
- Pass the original encoded secret as a string to the newly created decoding function
- Enter the plaintext secret into the web browser
1
2
3
4
5
6
7
8
9
<?php
function decodeSecret($secret){
return base64_decode(strrev(hex2bin($secret)));
}
print "The secret is: ";
print decodeSecret("3d3d516343746d4d6d6c315669563362");
print "\n";
?>
Note that first we transform the secret into binary, because the last operation was to transform to hex. Next, we reverse the binary string. Last, we have to base64 decode the string. Our resulting output is oubWYf2kBq
. When we place the decoded output into the web text box and click submit. Bingo!
The password is natas9:W0mMhUcRRnG8dcghE4qvk3JA9lGt8nDl