OverTheWire Natas Level 7 -> Level 8 - Walkthrough
Introduction
In this post, I'll give you a walkthrough of the natas wargame Level 7 -> Level 8. We will use a few PHP functions to decode the secret that is needed to get the password for the next level.
Goal
Log in to natas8 and get the password for the next level.
Login details
URL - http://natas8.natas.labs.overthewire.org
Username - natas8
Password - a6bZCNYwdKqN5cGP11ZdtPg0iImQQhAB
Theory
Encoding is used a lot on the web by scripting languages to mask values. Encoding is not encryption: no key is involved, so anyone who knows which functions were applied can reverse them. We will do a bit of reverse engineering to get the secret for this level. I recommend looking up the functions used in the PHP code to read more about them and understand the code. This will help not only in clearing the level but also in developing the mindset required to succeed in the cybersecurity field.
PHP uses the bin2hex() function to convert a string of binary data to its hexadecimal representation. The hex2bin() function does the opposite and converts a string of hexadecimal values back to its binary representation.
PHP has the strrev() function, which reverses the string given as input.
The PHP function base64_encode() encodes the input string in base64; base64_decode() reverses it.
Solution
Open the URL in a browser. Enter the username and password mentioned above.
After logging in successfully, a page appears with an option to enter the secret and submit it.
Notice that a "View sourcecode" link is also present on the page. Click on it and we can see the PHP code.
The code has an encoded secret which is compared with the value submitted by the user. If the entered value matches the secret, then the password is displayed.
The function encodeSecret($secret) takes the user input, encodes it in base64, reverses it and then converts the output to a hexadecimal value using the bin2hex() function.
Therefore, we will take the value of the variable $encodedSecret and decode it to get the actual secret value before submitting it to get the password. We will write some PHP code on an online PHP compiler to decode the secret. The code can also be written on a local machine if PHP is installed.
Write the code below in the PHP compiler:
<?php
// Undo encodeSecret() in the opposite order: hex2bin() -> strrev() -> base64_decode()
echo base64_decode(strrev(hex2bin("3d3d516343746d4d6d6c315669563362")));
?>
Copy the decoded secret and submit it on the welcome page of the level to get the password.
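Because the chain described above (base64, reverse, hex) uses no key, anyone who can read the source can invert it. The following is an added example, not the level's source code or the author's: it rebuilds the encoder from that description, inverts it on a constructed sample value, and contrasts it with a one-way check. The names decodeSecret and checkSecret and the sample strings are assumptions.

```php
<?php
// Added example, not the level's source: the encoder is rebuilt from the
// description on this page, and every sample value below is constructed.

// Encoder as described: base64 -> reverse -> hex.
function encodeSecret(string $secret): string {
    return bin2hex(strrev(base64_encode($secret)));
}

// Inverse (hypothetical helper): undo each step in the opposite order.
// Returns the decoded string, or false on malformed input.
function decodeSecret(string $encoded) {
    // hex2bin() needs an even-length, hex-only string; check first to avoid a warning.
    if (strlen($encoded) % 2 !== 0 || !ctype_xdigit($encoded)) {
        return false;
    }
    $raw = hex2bin($encoded);
    // Strict mode makes base64_decode() reject bytes outside the alphabet.
    return base64_decode(strrev($raw), true);
}

// Hardened check (hypothetical helper): compare against a one-way hash,
// so the value stored next to the code cannot be turned back into the secret.
function checkSecret(string $submitted, string $hash): bool {
    return password_verify($submitted, $hash);
}

$sample = "constructed-sample";      // constructed value, not the level's secret
$stored = encodeSecret($sample);     // what a source viewer would see

// Weak scheme: the stored value alone is enough to get the input back.
var_dump(decodeSecret($stored) === $sample);

// Malformed input is rejected instead of producing garbage.
var_dump(decodeSecret("zz") === false);

// Hardened scheme: only a salted, slow hash is stored.
$hash = password_hash($sample, PASSWORD_DEFAULT);
var_dump(checkSecret($sample, $hash));
var_dump(checkSecret("wrong-guess", $hash));
?>
```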
This completes the Level 8 walkthrough, as we have the password for natas9. Please post your questions and doubts in the comment section.