OverTheWire: Natas Level 2 – #appsec #webapp #websecurity #wargames

Another day, another challenge…

In today’s blog post we’re going to solve level 2 from the Natas wargame.

Let’s begin.

Going to the following link we see:

Natas2_WarGame_1

We’ve acquired the password for level 2 from the level 1 challenge (screenshot below):

Natas1_WarGame_3

Entering the username of “natas2” and password from the above screenshot we see the following:

Natas2_WarGame_2

Nothing on the page, eh… I don’t believe that.

Let’s try, right click view source and see what we get.

Natas2_WarGame_3

We notice there’s an image source of a pixel.

Clicking this link we see:

Natas2_WarGame_4

It truly is just a pixel. What if we remove the “pixel.png”? Maybe there are other files on the system. Let’s try it.

Removing the “pixel.png” and pressing Enter we see:

Natas2_WarGame_5

We see an extra file – users.txt. I wonder what’s in it.

Clicking users.txt, we noticed that it lists the different username and passwords. The one we want is the fourth row – natas3. We’ve found natas3 password!

OverTheWire: Natas Level 1 – #appsec #webapp #websecurity #wargames

Another day, another challenge…

In today’s blog post we’re going to solve level 1 of the Natas challenge.

Let’s begin.

Going to the following URL we see:

Natas1_WarGame_1

From level 0, we were able to find the password of level 1 (screenshot below):

Natas_WarGame4

Entering the username of “Natas1” and password from the screenshot we see:

Natas1_WarGame_2

Looking at the message we noticed that right-clicking has been blocked. How can we get around this?

By adding “view-source” in the beginning of the URL.

Doing this we see:

Natas1_WarGame_3

We’ve acquired the password for level 2!

PicoCTF 2017 a Brief Introduction

Another day, another challenge…

Today’s blog post will discuss another CTF – PicoCTF.

The target audience for PicoCTF is a computer security game that is aimed at middle school and high school students, but anyone can join and play.

Topics explored are: forensics, cryptography, reverse engineering, web exploitation, binary exploitation, and miscellaneous challenges.

To learn more, go here.

Happy hacking!