OverTheWire:- Updated Natas Walkthrough — Level 13

Samxia99
4 min read, Apr 5, 2024


Hello everyone, I would like to share how I solved the Natas CTF, along with the updated password. I hope this write-up will be helpful.

Hello folks! It's samxia99.

My bio link: https://beacons.ai/samxia99

Greetings everyone! I’m excited to share with you how I was able to successfully conquer a CTF challenge. Through this write-up, I’ll provide a clear explanation of my techniques and strategies, and I’m confident that it will greatly benefit those who are interested in CTF challenges. So, sit back, relax, and let me take you on an informative journey.

Just a quick reminder that the game has been updated, so the password has also been changed. I hope this password is helpful!

Natas Level 12 → Level 13

  • Here are the login details.
    Username: natas13
    URL: http://natas13.natas.labs.overthewire.org
  • After logging in, we can see this page.
  • This level is a file upload restriction bypass, so let's view the source code.
  • The check we need to bypass is this line: elseif (!exif_imagetype($_FILES['uploadedfile']['tmp_name'])) { echo "File is not an image"; exif_imagetype() only looks at the file's leading magic bytes, so a file that keeps a valid JPEG header but carries PHP code in its body passes the check, and we can bypass this level like last time.
  • Let's try to upload an image.
  • Here I got this error because my image is 4.5 KB.
  • Now let's solve this level: open Burp Suite, turn Intercept on, and then upload the image.
  • Here we can remove this red gibberish (the image's binary data) to shrink the file. NOTE: don't remove the line ÿØÿàJFIFÛ, because it is the JPEG header of this file.
  • After removing it, add the passthru PHP script in the middle like last time. That's not all: we also need to replace jpeg with php. After that, we can forward the request.
  • Here we change jpeg to php in three places, then forward the request.

Note: here I got a max file size error, so try removing more of the red gibberish.

  • We have now successfully converted the JPEG to PHP. Click on the file and see what it holds.
  • Here I can see the uploaded file's directory location like last time, so let's use the same URL trick as last time by adding ?samxia99=ls; we use ls to list what the directory holds.
  • There's nothing much here, just files, so let's try to view the password file /etc/natas_webpass/natas14:
http://natas13.natas.labs.overthewire.org/upload/7c3tvfo3h4.php?samxia99=cat%20/etc/natas_webpass/natas14
  • Boom, here we got the password for the next level.
Pass:-qPazSJBmrmU7UQJv17MHk1PGC4DxZMEP
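The bypass above works because the level's exif_imagetype() check decides "this is an image" from the file's first few bytes alone. As an added example (my own code, not part of the original post or the Natas source), here is a Python model of that magic-byte check next to the two checks a defender would add: an extension allow-list and a scan of the body for PHP open tags. The byte strings are constructed minimal samples, not real photos, and the filenames are hypothetical.

```python
import re

# exif_imagetype() classifies a JPEG from the first bytes alone (FF D8 FF),
# so a file that keeps that header but carries PHP source in its body passes it.
JPEG_MAGIC = b"\xff\xd8\xff"
ALLOWED_EXT = {"jpg", "jpeg", "png", "gif"}
# Any PHP open tag inside an "image" body is a red flag.
PHP_TAG = re.compile(rb"<\?(?:php\b|=)", re.IGNORECASE)


def looks_like_jpeg(data: bytes) -> bool:
    """Model of the exif_imagetype() test the level relies on: magic bytes only."""
    return data[:3] == JPEG_MAGIC


def extension_allowed(filename: str) -> bool:
    """Allow-list the final extension; a '.php' name (the renamed upload) is rejected."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    return ext in ALLOWED_EXT


def contains_php_tag(data: bytes) -> bool:
    """Content scan: catches script injected into the body of an otherwise valid JPEG."""
    return PHP_TAG.search(data) is not None


def validate_upload(filename: str, data: bytes) -> list:
    """Return the reasons an upload is rejected; an empty list means every check passed."""
    reasons = []
    if not looks_like_jpeg(data):
        reasons.append("not a JPEG (magic bytes)")
    if not extension_allowed(filename):
        reasons.append("extension not in allow-list")
    if contains_php_tag(data):
        reasons.append("embedded PHP open tag")
    return reasons


# Constructed samples (hypothetical bytes): a plain JPEG-like blob, and a polyglot
# with a PHP tag inserted right after the JFIF header, as in the write-up.
CLEAN_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 16 + b"\xff\xd9"
POLYGLOT = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"<?php echo 'hello'; ?>" + b"\xff\xd9"

if __name__ == "__main__":
    # The magic-byte check alone is fooled; the extra checks are not.
    print("exif-style check on polyglot:", looks_like_jpeg(POLYGLOT))  # True
    print("full validation of polyglot:", validate_upload("upload.php", POLYGLOT))
    print("full validation of clean jpg:", validate_upload("photo.jpg", CLEAN_JPEG))  # []
```

In a real handler you would also store the file under a server-chosen name with a fixed safe extension and re-encode it through an image library, so that nothing the client controls decides how the web server executes it.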

Hopefully this write-up will be useful for everybody. I have tried to make it easy to read.

Next level: https://medium.com/@samarthkokil64/overthewire-updated-natas-walkthrough-level-14-56d78dddd384

Previous level: https://medium.com/@samarthkokil64/overthewire-updated-natas-walkthrough-level-12-0688ea43ef92

PS: THANKS FOR READING
