Monday, October 29, 2012

OvertheWire - Natas Wargame Level 2 Writeup

Level 2

We can use the credentials obtained in the previous post to access Level 2. Once we log in, we are presented with the following screen:


As we did in the previous levels, we can start by viewing the source of the page, seen below:

 <html>  
 <head><link rel="stylesheet" type="text/css" href="http://www.overthewire.org/wargames/natas/level.css"></head>  
 <body>  
 <h1>natas2</h1>  
 <div id="content">  
 There is nothing on this page  
 <img src="files/pixel.png">  
 </div>  
 </body></html>  

We can see an image embedded into the page, and upon further inspection, the image appears to be 1x1 pixels. At first I thought the challenge was more difficult than it really was, because I started looking to see if the password was embedded in the image. However, when this didn't work, I thought to check and see if the 'files' directory was listable. Sure enough, when we browse to http://natas2.natas.labs.overthewire.org/files/, we see the following:


Here we can see both our 'pixel.png' picture, as well as a text file called 'users.txt', which contains the following:

 # username:password  
 alice:BYNdCesZqW  
 bob:jw2ueICLvT  
 charlie:G5vCxkVV3m  
 natas3:lOHYKVT34rB4agsz1yPJ2QvENy7YnxUb  
 eve:zo4mJWyNj2  
 mallory:9urtcpzBmH  

In this file, we can see the password for natas3, which we can use to log in to the next challenge.

Moving right along. More writeups to come.

-Jordan




No comments:

Post a Comment