Mar 28, 2022

OverTheWire – Natas 12

hey there, 

the older we get the harder the life is. here in OverTheWire it's a bit different. so level 12 is much easier if you've already passed the other 11 levels. (Good for you, by the way! what a journey, huh?!)

have you already read the script? actually, there is nothing new for us. we can get the same from the page: you should upload a .jpg file not bigger than 1KB. let's try it. 

before that, do you have burp suite? you're gonna need it. I should  confess, at first I hated it. now it's one of my best friends. please, download it and come back...I'll wait. if you have it already, you need to know how it works, right? Here I've found a tutorial for you to be quick, but I've learned it and in like 5 hours with this crazy guy.

I made just a random .txt file and tried to upload it to see what is happening when you don't upload the required .jpeg. 

Have you noticed? it has transferred it into .jpg. Let's see if we can transfer it into .txt again. and click on the uploaded file: 

voila! it reads the text file. this is so bad… so bad… this is my friend File inclusion vulnerability. what if we create a PHP file because we know that the server supports PHP. no worries, this is going to be easy, you just need one command: file_get_contents, and we already know where the password is right: /etc/natas_webpass/natas13. it should look like this: 


echo file_get_contents( "/etc/natas_webpass/natas13 ");

save the file as natas12.php and upload it. then just go back to your close friend burp suit and change the .jpg into .php, click forward. what do you think? what will happen if you open the uploaded file? do it yourself, I trust you! see you on the next level. 

I thought it's supposed to be easier...

No comments:

Post a Comment