OverTheWire:- Updated Natas Walkthrough — Level 12

Samxia99
4 min read · Apr 3, 2024


Hello everyone, I would like to share how I solved the Natas CTF. Here is the updated password; I hope this write-up will be helpful.

Hello folks!!! It's samxia99.

My bio link:- https://beacons.ai/samxia99

Greetings everyone! I’m excited to share with you how I was able to successfully conquer a CTF challenge. Through this write-up, I’ll provide a clear explanation of my techniques and strategies, and I’m confident that it will greatly benefit those who are interested in CTF challenges. So, sit back, relax, and let me take you on an informative journey.

Just a quick reminder that the game has been updated, so the password has also been changed. I hope this password is helpful!

Natas Level 11 → Level 12

  • Here are the login details.
Username: natas12
URL: http://natas12.natas.labs.overthewire.org
  • After logging in, we can see this page.
  • This level is an Unrestricted File Upload vulnerability with no security checks. Let's view the source code.
  • Now we understand how this page works. Let's try to upload a file. Here I'm uploading a sam.php file and I got this message.
  • Here I notice my PHP file is being transferred as a jpg.
  • Let's try to change jpg to php in Burp Suite, with intercept turned on.
  • Change 9jjbz4jp29.jpg to 9jjbz4jp29.php and forward it. Here we get the PHP file.
  • Click on the file and check that it works.
  • It's working, so let's try to tamper with it, or write a script to get the password with the PHP file.
  • Here I make a xia.php file and write a script that will help. Upload the file, making sure intercept is on.
  • Here we do the same thing: change jpg to php like last time and forward the request.
  • Click on the php file and here we get some text. In the notice we get a URL hint that can lead to the password for the next level.
  • Here I added ?samxia99=ls after the php filename to see what is hiding on this page. I added ? because it's the end of the php file, samxia99 because of the script, and = to execute the command. I hope you understand what I'm trying to say.
url:-http://natas12.natas.labs.overthewire.org/upload/d7ovbdjxs7.php?samxia99=ls
  • Here we have some jpg files. Let's try to change the command to =cat /etc/natas_webpass/natas13.
url:-http://natas12.natas.labs.overthewire.org/upload/d7ovbdjxs7.php?samxia99=cat%20/etc/natas_webpass/natas13
  • Boom!!! We get the password to the next level here.
Pass:-lW3jYRI02ZKDBb8VtQBU1f6eDRo6WEj9
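The root cause of this level is that the server takes the stored file's extension from a value the client controls, which is why swapping .jpg for .php in Burp works. The following Python example is added here and is not part of the original post or of the Natas challenge code; it contrasts that pattern with a handler that derives the stored name entirely server-side from the file's magic bytes (the whitelist and the 10-hex-character name shape are constructed for this illustration).

```python
import os
import secrets
from typing import Optional

# Constructed whitelist: leading "magic" bytes of the image types we accept,
# mapped to the extension the server will assign. Nothing else is stored.
ALLOWED_SIGNATURES = {
    b"\xff\xd8\xff": "jpg",          # JPEG
    b"\x89PNG\r\n\x1a\n": "png",     # PNG
    b"GIF87a": "gif",
    b"GIF89a": "gif",
}


def vulnerable_stored_name(client_filename: str) -> str:
    """The pattern this level exploits: the extension is copied from the request."""
    ext = os.path.splitext(client_filename)[1]  # becomes '.php' if the client says so
    return secrets.token_hex(5) + ext


def detect_extension(content: bytes) -> Optional[str]:
    """Return the whitelisted extension for the data, or None if it is not a known image."""
    for magic, ext in ALLOWED_SIGNATURES.items():
        if content.startswith(magic):
            return ext
    return None


def safe_stored_name(client_filename: str, content: bytes) -> str:
    """Build the on-disk filename without trusting anything the client sent.

    The client filename is ignored for naming (it is only useful for logging);
    the extension comes from the sniffed content and the basename is random,
    so renaming x.jpg to x.php in the intercepted request changes nothing.
    """
    ext = detect_extension(content)
    if ext is None:
        raise ValueError("rejected: upload is not a whitelisted image type")
    # 10 hex characters of randomness (assumed name length for this example).
    # The upload directory should also be served without script execution.
    return f"{secrets.token_hex(5)}.{ext}"
```

`safe_stored_name` deliberately raises on unknown content instead of falling back to the client's extension, which is the fallback that makes the original handler exploitable.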

Hopefully, this write-up will be useful for everybody, I have tried to make it easy to read.

Next level:-https://medium.com/@samarthkokil64/overthewire-updated-natas-walkthrough-level-13-1f5407b6f35a

Previous level:-https://medium.com/@samarthkokil64/overthewire-updated-natas-walkthrough-level-11-8567487106b4

PS:- THANKS FOR READING


Samxia99

This is for me to document my journey through hacking, CTFs and hacker tools | I also love to read novels.