OverTheWire:- Updated Natas Walkthrough — Level 11

Hello everyone, I would like to share how I solved Nastas CTF also Here is the updated password, I hope this write-up will be helpful.

hello Folks!!! it’s a samxia99

My Bio link:-https://beacons.ai/samxia99

Greetings everyone! I’m excited to share with you how I was able to successfully conquer a CTF challenge. Through this write-up, I’ll provide a clear explanation of my techniques and strategies, and I’m confident that it will greatly benefit those who are interested in CTF challenges. So, sit back, relax, and let me take you on an informative journey.

Just a quick reminder that the game has been updated, so the password has also been changed. I hope this password is helpful!

Natas Level 10 → Level 11

• Here are the login details.

Username: natas11
URL:      http://natas11.natas.labs.overthewire.org

• After logging in we can see this page.

• This level is the Insecure XOR Encryption type level. let’s check the view sourcecode to get a hint on this level.

• And there is too much script on this level. truly I don’t understand everything. but I searched for something and I know how to solve this level let’s follow my steps.
• Here we can change the background color by inputting the value.

• Here is our cookie that is protected and we need to decode it.

cookie:-MGw7JCQ5OC04PT8jOSpqdmkgJ25nbCorKCEkIzlscm5oKC4qeXx5bjY%3D

• First, we need to decode this url we can use the burp suite decoder.

• In the last %3D represents the (=) sign.

cookie:-MGw7JCQ5OC04PT8jOSpqdmkgJ25nbCorKCEkIzlscm5oKC4qLSgubjY=

• In the next step, we need to decode base64 that hints given in this line. setcookie("data", base64_encode(xor_encrypt(json_encode($d)))); we can use cyberchef. to get cipher text.

cipher text:-0l;$$98-8=?#9*jvi 'ngl*+(!$#9lrnh(.*-(.n6

• Now for the next step, you need to understand how XOR Encryption works.

• C = cipher text, K = key, P= plain text, you can google how it works.
• Now we have cipher text we need to find plain text, in the source code we have this plain text line $defaultdata = array( "showpassword"=>"no", "bgcolor"=>"#ffffff"); , and in the hints line, setcookie("data", base64_encode(xor_encrypt(json_encode($d)))); we need to make (json_encode($d) a plain text. to do this we go to https://onlinephp.io/ .

Plain text:-{"showpassword":"no","bgcolor":"#ffffff"}

• Now we get plain text and we need to drive the key, to drive the key we can go to cyberchef and use XOR, and in the key put plain text.

KNHLKNHLKNHLKNHLKNHLKNHLKNHLKNHLKNHLKNHLK

• Here we might get the key, so in the next step, replace the cookie with cipher text replace “no” with “yes” and use just XOR and put the key (KNHL).

0l;$$98-8=?#9*jvi7-?ibj.,-' $<jvim.*-(.*i3

• Here we got some text let’s go to the hint line; setcookie("data",base64_encode(xor_encrypt(json_encode($d)))); Here we need to encode xor_encrypt to base64_encode. to get a new cookie that might help to find the password.

New cookie:-MGw7JCQ5OC04PT8jOSpqdmk3LT9pYmouLC0nICQ8anZpbS4qLSguKmkz

• Now we get a new cookie replaced with the inspect cookie to get the password.

• after this refresh the page and Boom !!! we get the password to the next level here.

Pass:-YWqo0pjpcXzSIl5NMAVxg12QxeC1w9QG

Hopefully, this write-up will be useful for everybody, I have tried to make it easy to read.

Next level:-https://medium.com/@samarthkokil64/overthewire-updated-natas-walkthrough-level-12-0688ea43ef92

Previous level:-https://medium.com/@samarthkokil64/overthewire-updated-natas-walkthrough-level-10-ad29db6963c9

PS:- THANKS FOR READING