BB

technology and craziness.

BB

technology and craziness.

OverTheWire - Natas - Level 1 → Level 2

Warning: This post contains a solution!
Only continue if:
1.) you want to see a possible alternative solution or
2.) you are stuck and need a hint!

Login using given credentials.

URL: http://natas2.natas.labs.overthewire.org
Username: natas2
Password: Zlurxxxxxxxxxxxxxxxxxxxxxxxxxxxx

The message on the page is:

There is nothing on this page

A look into the source code of the page shows that a 1x1 pixel image is included.

1
2
3
4
<div id="content">
There is nothing on this page
<img src="files/pixel.png">
</div>

This seems to be an uninteresting PNG image. Checking it using file and strings don’t reveal something interesting.
Next check is to take a look to the contents of the files/ folder, which shows up a file called users.txt because directory listing is enabled in the Apache configuration.
The password for the next level is found in this file.

1
2
3
4
5
6
7
# username:password
alice:BYNdCesZqW
bob:jw2ueICLvT
charlie:G5vCxkVV3m
natas3:sJIJxxxxxxxxxxxxxxxxxxxxxxxxxxxx
eve:zo4mJWyNj2
mallory:9urtcpzBmH