Tuesday, October 30, 2012

OverTheWire Wargame "Natas" Level 2 [How-To/Web]

So Level 1 wasn't that bad, either. Let's start Level 2 with the credentials that we found in the previous level.

When we load up level 2, we are presented with this:

Kind of ironic since there's text, right?

Let's once again take a look at the source (this is becoming a thing!):

Hmm, just the normal text... and wait, an image? The <img src...> code is HTML for embedding a picture into a webpage. It's located at files/pixel.png, so we know it's on whatever server is running this webpage.

Let's try to navigate to it!

Well, if you opened it like I did, it's just a white page. That makes sense since it's just one pixel. But we know it exists on the server, and there has to be a folder called files. Lets see if we can get to that folder...

That's something we like to see, a directory listing! We can also see there's another file called "users.txt" in there!
Opening users.txt gives us:
Yay, a password for natas3!
We enter the natas3:lOHYKVT34rB4agsz1yPJ2QvENy7YnxUb on the next level and continue on...