Tuesday, October 30, 2012

OverTheWire Wargame "Natas" Level 5 [How-To/Web]

So we cracked Level 4 with some knowledge of HTTP headers and requests, and used a cool little app to help us out. Now we are on Level 5, and after logging in, it presents us with a weird page:

Well wait, didn't we just log in? Why does it say we aren't?

OverTheWire Wargame "Natas" Level 4 [How-To/Web]

So Level 3 required a bit more knowledge of web servers and how searches parse them, but we got through it and are now on Level 4.

When we load up this level, we are welcomed by the following error:

So it can see where we are coming from, and it doesn't like it.

OverTheWire Wargame "Natas" Level 3 [How-To/Web]

After breaking Level 2 with some knowledge of how web servers hold their data, we move on to Level 3 which presents us with the same page as level 2:

OverTheWire Wargame "Natas" Level 2 [How-To/Web]

So Level 1 wasn't that bad, either. Let's start Level 2 with the credentials that we found in the previous level.

When we load up level 2, we are presented with this:

Kind of ironic since there's text, right?

OverTheWire Wargame "Natas" Level 1 [How-To/Web]

Level 0 was quite easy, for obvious reasons, so let's see if level 1 can be any harder.

For this one, right clicking has been blocked, so we can't break it like we did with level 0... or can we?

OverTheWire Wargame "Natas" Level 0 [How-To/Web]

OverTheWire has released a new WarGame called "Natas" which focuses on web security, so I thought I'd try my hand at it and give some walkthroughs/how-tos as I beat each level. I'm still a newbie at websec, so deal with me!

Going to the front page of Natas, it gives us the creds to get into level 0, so we need to find level 1's creds somehow.

Saturday, October 6, 2012

Fun subreddit and open wargame competitions; how I gained root to OHP #1

Recently I have been active on a subreddit called /r/HowToHack which consists of users posting different levels of hacking challenges for newbies and higher level skilled hackers to try their hand at. There is an IRC channel on the sidebar that I suggest going to, as it's fun and informational to be on.

The following write up can be found on the subreddit, as I originally posted it there when I won the OHP #1 wargame by gaining root access first.