The fantastic group at overthewire.org have created another wargame called Natas, the description of which is as follows:
A big thank you goes out to this group for creating compelling and well-organized wargames for people of any skillset or experience level!

I decided to go ahead and pair the writeups for the first two levels together, since they are very similar, and both very easy.

So, without further introduction, let's get started.


Level 0

We log in to the first level using the credentials 'natas0:natas0', and we are presented with the following screen:



The page says that the password for the natas1 account is located somewhere on the page. However, upon inspection we don't immediately see the password. Our next guess is to simply view the HTML source of the page (this time by right-clicking in the page, and selecting 'View Source').

We are presented with the following source:

 <html>  
 <head><link rel="stylesheet" type="text/css" href="http://www.overthewire.org/wargames/natas/level.css"></head>  
 <body>  
 <h1>natas0</h1>  
 <div id="content">  
 You can find the password for the next level on this page.  
 <!--The password for natas1 is 9hSaVoey44Puz0fbWlHtZh5jTooLVplC -->  
 </div>  
 </body>  
 </html>  

We can clearly see the password for natas1 hidden using an HTML comment.

Level 1

Using the credentials obtained from the previous challenge, we can log in to the level1 challenge, where we are presented with the following screen:


As the page mentions, right-clicking has been disabled. Therefore our previous method of viewing the source won't work. However, on most (if not all) browsers, the source can be obtained by navigating to the following URL (tested on Chrome):


Once loaded, we receive the following source code:

 <html>  
 <head><link rel="stylesheet" type="text/css" href="http://www.overthewire.org/wargames/natas/level.css"></head>  
 <body oncontextmenu="javascript:alert('right clicking has been blocked!');return false;">  
 <h1>natas1</h1>  
 <div id="content">  
 You can find the password for the  
 next level on this page, but rightclicking has been blocked!  
 <!--The password for natas2 is aRJMGKT6H7AOfGwllwocI2QwVyvo7dcl -->  
 </div>  
 </body>  
 </html>  

We can see the password for natas2 clearly listed in the source, which we can use to proceed to the next challenge.
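Both levels come down to the same two mistakes: a secret left in an HTML comment, and a client-side handler treated as if it protected the markup. The following audit script is an added example, not part of the original writeup or the wargame; it flags both in a page's source before it ships. The keyword list and handler set are assumptions to tune per site, and the sample input is the level 1 markup shown above with the stylesheet link omitted.

```python
import re
from html.parser import HTMLParser

# Words that suggest a comment carries a secret (assumed list, tune per site).
SECRET_HINT = re.compile(r"\b(password|passwd|secret|token|api[_-]?key)\b", re.I)
# Inline handlers sometimes used to "hide" source; they do not protect markup.
COSMETIC_HANDLERS = {"oncontextmenu", "onselectstart", "oncopy"}

class SourceAudit(HTMLParser):
    """Collects findings as (line, kind, detail) tuples."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_comment(self, data):
        # Comments are delivered to every client, whatever the page renders.
        if SECRET_HINT.search(data):
            line, _ = self.getpos()
            self.findings.append((line, "secret-in-comment", data.strip()))

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases attribute names before calling this hook.
        for name, _value in attrs:
            if name in COSMETIC_HANDLERS:
                line, _ = self.getpos()
                self.findings.append((line, "cosmetic-control", f"<{tag} {name}>"))

def audit(html_text):
    parser = SourceAudit()
    parser.feed(html_text)
    parser.close()
    return parser.findings

# Level 1 markup from the writeup above (stylesheet link omitted).
SAMPLE = """<html>
<body oncontextmenu="javascript:alert('right clicking has been blocked!');return false;">
<h1>natas1</h1>
<div id="content">
You can find the password for the
next level on this page, but rightclicking has been blocked!
<!--The password for natas2 is aRJMGKT6H7AOfGwllwocI2QwVyvo7dcl -->
</div>
</body>
</html>"""

if __name__ == "__main__":
    for line, kind, detail in audit(SAMPLE):
        print(f"line {line}: {kind}: {detail}")
```

Run against templates or rendered responses in CI, a non-empty result is a reason to fail the build: the comment has to be removed server-side, since nothing done in the browser keeps the response body from the user.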

Use the source, Luke. More writeups to come.