OverTheWire:- Updated Natas Walkthrough — Level 10

Samxia99
3 min read · Apr 2, 2024

Hello everyone, I would like to share how I solved the Natas CTF. Here is the updated password as well; I hope this write-up will be helpful.

Hello folks!!! It's samxia99.

My Bio link:-https://beacons.ai/samxia99

Greetings everyone! I’m excited to share with you how I was able to successfully conquer a CTF challenge. Through this write-up, I’ll provide a clear explanation of my techniques and strategies, and I’m confident that it will greatly benefit those who are interested in CTF challenges. So, sit back, relax, and let me take you on an informative journey.

Just a quick reminder that the game has been updated, so the password has also been changed. I hope this password is helpful!

Natas Level 9 → Level 10

  • Here are the login details.
Username: natas10
URL: http://natas10.natas.labs.overthewire.org
  • After logging in we can see this page.
  • This level is pretty similar to the previous one. We need to find words containing passwords, but this time certain characters are filtered. Let's view the source code.
  • if($key != "") checks that the key is not (!) empty. The key is then matched against these characters: if(preg_match('/[;|&]/',$key)). We can't use the characters [;|&] this time, because the page will print "Input contains an illegal character!"; we need to bypass this check and reach the else branch:
    else {
    passthru("grep -i $key dictionary.txt"); }

The preg_match() function searches the string for a pattern and returns true if the pattern exists, otherwise it returns false. The pattern is written in a format like this: '/xyz/'.

  • So let's try to bypass this level by using command injection. In passthru("grep -i $key dictionary.txt"), the $key variable is where we need to put our payload.

If we set $key to a, it shows all the words containing the character a, so let's try adding /etc/natas_webpass/natas11 dictionary.txt after it. A space is not one of the filtered characters, so grep receives the extra path as another file to search. You can choose not to add dictionary.txt; it doesn't matter, it shows the same thing.

Payload:- a /etc/natas_webpass/natas11
Payload:- a /etc/natas_webpass/natas11 dictionary.txt
  • Boom !!! Here we got the password to the next level.
Pass:- 1KFqoJXi6hRaPluAmk8ESDW4fSysRoIg
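Why the character filter is not enough, and how the handler could be fixed, shown as an added example (this is not OverTheWire's code or part of the original write-up). The function names and the temporary dictionary file are assumptions made for the illustration; $key stands for the value the page passes to grep.

```php
<?php
// Added example: the level's command construction beside two hardened forms.

// Form used by the level: $key is pasted into the shell command unquoted,
// so a space splits it into extra grep arguments (for example another file).
function build_unsafe(string $key): string {
    return "grep -i $key dictionary.txt";
}

// Hardened shell form: escapeshellarg() turns $key into one quoted word,
// -e marks it as the pattern even if it starts with "-", -F disables regex
// interpretation, and "--" ends option parsing before the file name.
function build_safe(string $key): string {
    return 'grep -i -F -e ' . escapeshellarg($key) . ' -- dictionary.txt';
}

// Preferred form: no shell at all, a case-insensitive substring search in PHP.
function search_no_shell(string $key, string $path): array {
    $hits = [];
    foreach (file($path, FILE_IGNORE_NEW_LINES) as $line) {
        if ($key !== '' && stripos($line, $key) !== false) {
            $hits[] = $line;
        }
    }
    return $hits;
}

// Constructed input: the value used in the write-up above.
$key = 'a /etc/natas_webpass/natas11';

// Print both command strings to compare how the shell would split them.
echo build_unsafe($key), "\n";
echo build_safe($key), "\n";

// Constructed dictionary so the example runs offline.
$dict = tempnam(sys_get_temp_dir(), 'dict');
file_put_contents($dict, "apple\nbanana\ncherry\n");

// The whole key, space and path included, is treated as a single needle.
var_dump(search_no_shell($key, $dict));
// An ordinary search term still works.
var_dump(search_no_shell('an', $dict));
unlink($dict);
```

A deny-list such as /[;|&]/ only removes command separators; quoting the argument or dropping the shell removes the whole class of problem.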

Hopefully, this write-up will be useful for everybody, I have tried to make it easy to read.

Next level:-https://medium.com/@samarthkokil64/overthewire-updated-natas-walkthrough-level-11-8567487106b4

Previous level:-https://medium.com/@samarthkokil64/overthewire-updated-natas-walkthrough-level-9-fa850f728d8f

PS:- THANKS FOR READING
