Tuesday, October 30, 2012

OverTheWire Wargame "Natas" Level 1 [How-To/Web]

Level 0 was quite easy, for obvious reasons, so lets see if level 1 can be any harder.

For this one, right clicking has been blocked, so we can't break it like we did with level 0... or can we?

Again, I use Google Chrome, and in Chrome, you can save the source code to your drive!


If you open this up in a browser, it will still block right clicking, so lets open with our trusty friend Notepad++ (or you can cat it on a Linux system; I'm on Windows 7 right now).


Bam, we have the password for natas2: "aRJMGKT6H7AOfGwllwocI2QwVyvo7dcl".

Just as easy, but required a tiny bit of thinking on how to get the code. Lets move on to Level 2.

Here's a little extension if you care to know why this is bad, or why programming like this is bad.
This is known as client-side security and is really bad. Anything that is client side is controlled by the client and thus the hacker.
We can do things like save the page, change the code, and run it again, or change it directly in the browser by simply "inspecting" the code like Chrome allows... and that's not even an addon!

Keep hackin'.

13 comments: