home about me security writeups subscribe

BB

technology and craziness.

BB

technology and craziness.

OverTheWire - Natas - Level 7 → Level 8

  | #En #Natas #OverTheWire #Walkthrough #Writeup
 153 words   One minute 
Warning: This post contains a solution!
Only continue if:
1.) you want to see a possible alternative solution or
2.) you are stuck and need a hint!

Login using given credentials.

URL: http://natas8.natas.labs.overthewire.org
Username: natas8
Password: DBfUxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Following code is used to verify the entered secret, as available in the site sourcecode:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16

<?

$encodedSecret = "3d3d516343746d4d6d6c315669563362";

function encodeSecret($secret) {
    return bin2hex(strrev(base64_encode($secret)));
}

if(array_key_exists("submit", $_POST)) {
    if(encodeSecret($_POST['secret']) == $encodedSecret) {
    print "Access granted. The password for natas9 is <censored>";
    } else {
    print "Wrong secret";
    }
}
?>

The entered secret is compared with the $encodedSecret to verify the entered secret. Based on the code, the entered secret is:

  1. Base64 encoded:base64_encoded
  2. String reversed:strrev()
  3. Converted from binary to hex:bin2hex()

The solution is simple, just take the value from $encodedSecret and execute the steps backwards to get the valid secret.

Updated on 2019-12-12

Was my post useful? Consider buying me a coffee ☕️
Back | Home